A post on an online forum claimed to have released 10,000 customer records from the recent data breach and threatened to release more until a $1 million ransom is paid. The chief executive of Optus, Kelly Bayer Rosmarin, said the Australian federal police is “all over” the matter. The post was later deleted, along with a claim the writer had deleted the data and would not sell it to anyone.
Also Read | Optus cyber attack: Australia plans privacy change, says prime minister
The purported attacker released a text file of 10,000 records on Monday, and said he will leak 10,000 each day for the next four days unless Optus pays them the ransom. On Tuesday morning, the original post with the links to the data was deleted and the alleged person apologised for attempting to sell the data.
“Too many eyes. We will not sale [sic] data to anyone. We can’t if we even want to: personally deleted data from drive (Only copy),” they said.
“Sorry too [sic] 10,200 Australian whos[sic] data was leaked.
“Australia will see no gain in fraud, this can be monitored. Maybe for 10,200 Australian but rest of population no. Very sorry to you.”
The Optus attack has affected up to 10 million customers. Driving licence or passport number were leaked of around 2.8 million people. The alleged attacker said the data was obtained through an opening Optus had left accessible in its network, and the company had not yet contacted them.
Operation Hurricane has been launched under which Australian federal police is working with overseas law enforcement authorities to determine the culprits. Email addresses from the Department of Defence and the Office of the Prime Minister and Cabinet are a part of the released records.
Also Read | Australia’s second-largest telecom company reports major data breach in cyberattack
Guardian Australia reported that they have verified the file contains records with people’s names, dates of birth, email addresses, phone numbers, postal addresses, and in some cases, licence numbers, passport numbers and Medicare card numbers.
The home affairs minister, Clare O’Neil, said on Tuesday she was “incredibly concerned” about Medicare numbers being included in the data.
“Medicare numbers were never advised to form part of compromised information from the breach,” she said.
There are approximately 20 state and federal government emails listed in the dump, including four from the Department of Defence, and one from the Department of the Prime Minister and Cabinet.
(With inputs from agencies)
