Optus Data leak: Earlier this week Optus said cyber attackers acquired current and former customer data.
Optus stated Thursday that an undefined amount of customer names, dates of birth, phone numbers, email addresses, and addresses were seized in the hack.
The telco didn’t reveal when the hack occurred but believes it’s over. Optus, a subsidiary of Singapore-owned Singtel, has 10 million consumers in Australia. The Australian Signals Directorate, the country’s NSA, was notified.
Telecom, phone, and cell corporations are often targeted for their role in essential infrastructure. Nation-state-backed hackers break into telcos to spy on critics and commit espionage, while SIM-swappers rely on hacked data and insider access to carry out social engineering assaults that induce customer support or staff to hand over access to their networks.
Hackers have recently targeted Optus. In 2015, Australian telco Telstra reported its underwater cable operator Pacnet’s internal network had been infiltrated for weeks by hackers.
The Australian Federal Police launched a collaborative operation with state and territory police on Friday to protect 10,000 consumers whose data was compromised. A BreachForums user claiming to posses the dataset retracted an offer to sell it (via ABC). Operation Guardian monitors forums and other nodes on the internet and dark web for hacked data and crime prevention.
The government isn’t happy with Optus’s actions. Services Australia asked Optus for a list of consumers whose Medicare and Centrelink information was leaked on September 27, according to the ABC. Optus is silent.
“It’s been 11 days since the breach,” Bill Shorten, Minister for Government Services, said. “It is peculiar that we still can’t identify who for example used their Medicare information — their number — to be able to get identification.”
Labour wants to enhance data-handling laws. Cyber Security Minister Clara O’Neil said prior Liberal-Nationals regulations aren’t enough to handle this emergency.