What data was stolen, from Optus

2022 - 9 - 28

Post cover
Image courtesy of "BleepingComputer"

Optus hacker apologizes and allegedly deletes all stolen data (BleepingComputer)

The hacker who claimed to have breached Optus and stolen the data of 11 million customers has withdrawn their extortion demands after facing increased ...

The threat actor also apologized to 10,200 people whose personal data was already leaked on a hacking forum. We will not sale data to anyone. [Tom Koutsantonis](https://twitter.com/tkoutsantonismp/status/1574683533729468416), announced that victims of the Optus data breach would [receive new driver's licenses](https://service.sa.gov.au/news?a=1112633) free of charge. "We are aware of reports of stolen data being sold on the dark web and that is why the AFP is monitoring the dark web using a range of specialist capabilities," The threat actor also claimed that the stolen data had been deleted from their device that held the only copy and apologized to both the exposed Optus customers and the company. On September 23, 2022, a hacker using the alias "optusdata" published a small sample of the stolen data on the Breached hacking forum and demanded that the firm pay a $1,000,000 (USD) ransom or the data for 11,000,000 customers would be publicly leaked.

Post cover
Image courtesy of "The Conversation AU"

The 'Optus hacker' claims they've deleted the data. Here's what ... (The Conversation AU)

If you've been affected by the Optus data breach, the danger is far from over – no matter what the purported hacker is claiming.

Anyone who claims to be able to scrub the data from the dark web is claiming to put toothpaste back in the tube. [unexpectedly apologised](https://www.abc.net.au/news/2022-09-27/optus-data-breach-cyber-attack-hacker-ransom-sorry/101476316) and claimed to have deleted the data due to “too many eyes”, suggesting fear of being caught. The advice we provided in There is also no guarantee the data were not already sold to a third party. Anyone receiving this kind of text message should make every effort to contact their family member or friend by other means. This involves scammers posing as a family member or friend from a new phone number, often using WhatsApp, in need of urgent financial help. We have to ask: what would the hacker gain from claiming to delete them? Paying anyone who makes these claims will not increase the security of your information. [IDCare](https://www.idcare.org) for additional aid and [Cyber Report](https://www.cyber.gov.au/acsc/report) to report the crime. Instead of helping, they steal money or obtain more information from the victim. When Optus didn’t pay, the purported hacker published 10,000 stolen records and threatened to release ten thousand more every day until the ransom deadline. So this method will not be available.

Post cover
Image courtesy of "ABC News"

Optus data breach could allow fraudsters to commit range of ... (ABC News)

An expert says the data could be used by criminals to take out fraudulent loans or impersonate victims; Australian intelligence agencies are investigating the ...

"I want to reassure Australians that the full weight of cybersecurity capabilities across government … "Banks have really robust and solid systems … "I think in terms of responding to these sorts of breaches, I think we've missed the ball." "There have been previous cases where customers … "There's actually some real national security implications to the release of this information." [who] have been able to show through evidence that their identity was compromised have been able to negotiate with the bank," he said.

Post cover
Image courtesy of "Money magazine"

So you've been the victim of a mass data breach, what should you do? (Money magazine)

The Optus data breach is believed to be one of the largest in Australia's history. Here are the steps you can take if your data has been exposed.

Australians are able to access a free copy of their credit report from the three major credit reporting agencies (Equifax, Experian and illion) every 90 days, and it's also possible to place a ban on your report if you suspect that you've been a victim of identity theft. It's a totally natural reaction, which is why the ACCC's Scamwatch recommends that people keep any eye on their Or it could be used for even milder things like creating social media accounts in your name and posting hate speech or other material that will badly reflect on you." While the leak of sensitive personal information like a driver's licence number or passport number doesn't happen in every data breach, if it does occur, as it has to plenty of customers in the Optus breach, it may be worth exploring the possibility of replacing any affected identity documents - as much as a pain as that may be. "We are very sorry and understand customers will be concerned. [how to respond to a data breach notification](/click/external?r=https%3A%2F%2Fwww.oaic.gov.au%2Fprivacy%2Fdata-breaches%2Frespond-to-a-data-breach-notification&f=%2Foptus-how-to-secure-your-data-mass-data-breach&g=cp-179796895), otherwise if you believe you've been a victim of a scam or fraud, here are some resources and contacts that may be able to help: [Scamwatch](/click/external?r=https%3A%2F%2Fwww.scamwatch.gov.au%2F&f=%2Foptus-how-to-secure-your-data-mass-data-breach&g=cp-179796895) [AFCA](/click/external?r=https%3A%2F%2Fwww.afca.org.au%2F&f=%2Foptus-how-to-secure-your-data-mass-data-breach&g=cp-179796895)- 1800 931 678 [ACCC](/click/external?r=https%3A%2F%2Fwww.accc.gov.au%2Fconsumers%2Fcomplaints-problems&f=%2Foptus-how-to-secure-your-data-mass-data-breach&g=cp-179796895)- 1300 302 502 [IDCARE](/click/external?r=https%3A%2F%2Fwww.idcare.org%2Fcontact-us&f=%2Foptus-how-to-secure-your-data-mass-data-breach&g=cp-179796895)- 1800 595 160 [Services Australia Scams and Identity Theft Helpdesk](/click/external?r=https%3A%2F%2Fwww.servicesaustralia.gov.au%2Fwhat-to-do-if-scam-has-affected-you%3Fcontext%3D60271&f=%2Foptus-how-to-secure-your-data-mass-data-breach&g=cp-179796895)- 1800 941 126 Following the Optus data breach, the telco has stated that it will be offering some customers free access to a 12-month subscription of a credit monitoring service from Equifax. "Optus has also notified key financial institutions about this matter. One positive in the Optus case is that the telco has reported that payment information such as credit card and bank account details hasn't been compromised, but like most data breaches, the worry is that the personal details that have been stolen will be used by criminals to conduct After any data breach, one of the first steps to take is changing the password associated with the service or account which has been compromised - especially, says Heiser, if you've used that same password for multiple accounts. In recent years a number of corporate and government institutions including the likes of Canva, Bunnings, ShopBack, the Australian National University, Service NSW and the Victorian Government have been hit by data breaches which resulted in the release of the personal details of individuals. The data breach is believed to have been one of the largest to occur in Australia, with over 9.7 million current and former Optus customers stretching as far back as 2017 likely to have had at least some information such as their name, date of birth, email, phone number and address stolen.

Post cover
Image courtesy of "9News"

Optus confirms 14900 active Medicare details exposed in data breach (9News)

Thousands of Medicare card numbers have been exposed during as a result of the Optus data breach, the compa...

The identity of the hacker or hackers has not been confirmed, but MacGibbon said the consensus inside the cyber-security community was that it was not a "sophisticated" attack that led to the Optus breach. "The unfortunate thing this week, is that by all accounts, this was not a sophisticated breach." "The size of this data breach, up to 10 million Australians affected, is unprecedented here in this country," he said. "We are very concerned about the loss of the data and are working hard to deal with the consequences, but we are particularly concerned we were not notified earlier and consumers were not notified earlier about the breach of Medicare data as well," he said. "All of the customers who have a Medicare card that is not expired will be contacted within 24 hours," Optus said. The company said it will contact those customers directly "out of an abundance of caution".

Post cover
Image courtesy of "The New Daily"

Data stolen in the Optus hack? Here's what to do (The New Daily)

Details on how to access this service will be available in coming days. Medicare numbers. If you've used your Medicare card number to prove your identity with ...

- Contact the resolution and support team at Access Canberra on 13 22 81 and select option one. The former stays with you for life, and the latter changes each time your card is reprinted. - Apply online via the Access Canberra website. Optus will credit the cost of a replacement licence if ACT residents have had their driver’s licence number and licence card number compromised. In the ACT, your driver licence card includes a driver licence number and a driver licence card number. Those affected should visit a Service Tasmania shop to arrange a new licence number and a replacement licence card, and will need to bring evidence from Optus that they have been affected by the hack. The Department of State Growth will contact customers who have already applied for a replacement licence to reimburse the cost. [replacement Tasmanian licences will be free](https://www.premier.tas.gov.au/site_resources_2015/additional_releases/service-tasmania-fee-waiver) for those who can prove they have had both the licence number and card number stolen. Northern Territory driver’s licences include a licence number and a card number, which are both required for the licence data to be used for identity fraud. [WA government](https://www.mediastatements.wa.gov.au/Pages/McGowan/2022/09/State-Government-acts-to-protect-WA-Optus-customers-impacted-by-data-breach.aspx) announced new driver’s licence cards with new licence numbers will be issued to affected Optus customers for free, with their new applications to be prioritised. If your licence details have been compromised, WA residents have been told to attend a Department of Transport Driver and Vehicle Services Centre or regional agent to have a new licence issued, and provide: [‘strongly advised’ to apply for a replacement licence as soon as possible](https://www.nsw.gov.au/customer-service/media-releases/nsw-government-assisting-customers-following-optus-data-breach).

Explore the last week