Alleged Optus hacker’s ominous warning over compromised customer data

The sensitive personal details of 10,000 Optus customers have reportedly been exposed by the alleged hacker behind the recent large-scale data breach that saw millions of customers across the country have their private information compromised.

The data breach is thought to have compromised information such as customers’ names, dates of birth, phone numbers, email addresses, and in some instances address details and ID document numbers such as driver’s licence or passport numbers.

Optus stressed that payment details and account passwords have not been compromised as the telco scrambles to secure the information of millions of its customers.

Those impacted by the breach have now been dealt another devastating blow after reports indicated that 10,000 customer records had been released with what appeared to be an ultimatum to the telco that more personal data would be exposed unless a ransom was paid.

Cyber security researcher, Jeremy Kirk from ISMG group, who claims to have been in contact with the hackers, delivered the “bad news” via Twitter where he claimed, “the Optus hacker has released 10,000 customer records and says a 10K batch will be released every day over the next four days if Optus doesn’t give into the extortion demand”.

Bad news. The Optus hacker has released 10,000 customer records and says a 10K batch will be released every day over the next four days if Optus doesn’t give into the extortion demand. #OptusDataBreach #optushack #auspol #infosec pic.twitter.com/NuGe7Pup8l

— Jeremy Kirk (@Jeremy_Kirk) September 26, 2022

Alongside the caption, Kirk featured a screenshot of a message allegedly delivered by the hacker in the threat of further releases being made unless certain demands were met.

“If you care about your customer you will pay,” the message read.

“If 1.000.000$US pay (sic) then data will be deleted from drive. 4 more days to decide Optus.

“Since they not payed (sic) yet here is 10.000 record from address file. Will release 10.000 record every day for 4 day (sic) when they not (sic) pay.”

In response to the breach, Optus CEO Kelly Bayer Rosmarin said “we are devastated to discover that we have been subject to a cyberattack that has resulted in the disclosure of our customer’s personal information to someone who shouldn’t see it”.

“As soon as we knew, we took action to block the attack and began an immediate investigation. While not everyone maybe affected and our investigation is not yet complete, we want all of our customers to be aware of what has happened as soon as possible so that they can increase their vigilance,” Rosmarin said.

“We are very sorry and understand customers will be concerned. Please be assured that we are working hard, and engaging with all the relevant authorities and organisations, to help safeguard our customers as much as possible.

“Optus has also notified key financial institutions about this matter. While we are not aware of customers having suffered any harm, we encourage customers to have heightened awareness across their accounts, including looking out for unusual or fraudulent activity and any notifications which seem odd or suspicious.”