A hacker purporting to be behind the massive Optus data breach has released the confidential details of 10,000 customers on an online forum.
The anonymous user, known only as ‘Optusdata’, released the confidential records – many containing passport and driver’s licence numbers – on an online data breaching forum. They were just a small percentage of the more than 11 million pieces of sensitive data accessed.
The hacker had demanded a $US1 million ransom from Optus and said he/she would release 10,000 more user records each day until the ransom was paid.
But in a shock twist, the hacker has now claimed the stolen data has been deleted and issued an apology to Optus customers, the Herald Sun reports.
Read: How not to tell customers their data is at risk
“We will not sale [sic] data to anyone,” the user wrote in a post on the same data breaching forum.
“Too many eyes. We will not sale [sic] data to anyone. We can’t if we even want to: personally deleted data from drive (only copy).
The hacker said Australians should not see widespread fraud committed due to the breach, but that the 10,000 consumers already affected may still be impacted.
“Sorry too [sic] 10,200 Australian whose data was leaked,” the hacker wrote.
“Australia will see no gain in fraud, this can be monitored. Maybe for 10,200 Australian but rest of population no. Very sorry to you.”
Read: Apple’s PassKeys update could make traditional passwords obsolete
This may be good news for Optus customers, provided the post is legitimate, but the situation is still a very real problem for Optus.
The company is facing a potential class action, with law firm Slater and Gordon announcing it would begin an investigation.
“This is potentially the most serious privacy breach in Australian history, both in terms of the number of affected people and the nature of the information disclosed,” Slater and Gordon senior associate Ben Zocco told The Australian.
Optus was blasted by home affairs minister Clare O’Neil in question time and she vowed to overhaul laws regarding the storage of sensitive customer data.
Read: Telco fined for breaching phone scam rules
“Responsibility for the security breach rests with Optus and I want to note that the breach is of a nature that we should not expect to see in a large telecommunications provider in this country,” she said.
Optus CEO Kelly Bayer Rosmarin claims the data was protected as well as it could be, and that the hack was a result of dedicated ‘bad actors’.
“We are not the villains,” Ms Rosmarin said.
“We definitely know this is the work of some bad actors, and really they are the villains in this story.
“It’s clearly not as simple as has been written in the press, but what I can say is our customer data is encrypted and there are multiple levels of security.”
Were you one of the 10,000 unlucky Optus customers? Are you concerned about how your private data is stored? Let us know in the comments section below.
