In a surprising new twist to the Optus hacking saga, the individual or group behind the data breach appears to have rescinded their ransom demand, and now claims they will no longer sell or leak the stolen user data, saying they have deleted the only copy they had.
In a screenshot which has been shared on Twitter by Jeremy Kirk, a cybersecurity journalist, the online poster also apologises to affected users.
“Too many eyes. We will not sale [sic] data to anyone,” writes the user. “Sorry to 10,200 Australian [sic] who’s data was leaked.”
“Australia will see no gain in fraud, this can be monitored. Maybe for 10,200 Australian [sic] but rest of population no. Very sorry to you. Deepest apology to Optus for this. Hope all goes well from this,” the post reads.
The proclaimed hacker’s backflip on the ransom demand has not been verified by the Australian Federal Police (AFP) or Optus.
The old post is now deleted. The data samples are gone. Here is the new post (ht to @allyjfoster for sending it to me while I was out getting cat food). pic.twitter.com/BzFWX4PaM7September 27, 2022
Hacker claims to release details of 10,000 users
Previously, the hacker had made an online ransom demand of US$1 million. The account claiming to have the stolen data also claimed to have released the information of 10,000 users to prove that the data was legitimate.
The online poster, using the screen name ‘optusdata’, had threatened to continue releasing the personal records of 10,000 Optus customers each day until the ransom was paid.
At the time of publication, neither Optus or the AFP had confirmed the validity of the account claiming to have the stolen data, however AFP Assistant Commissioner Cyber Command, Justine Gough, said in a statement: “We are aware of reports of stolen data being sold on the dark web and that is why the AFP is monitoring the dark web using a range of specialist capabilities.”
Kirk had reported that information in the 10,000 leaked records does appear to be legitimate, and that it also appears to contain Medicare numbers – an identity document that Optus has previously not confirmed was included in the hacking.
It has also been claimed that the forum which is being used by the self-proclaimed hacker is itself spreading malware.
Bad news. The Optus hacker has released 10,000 customer records and says a 10K batch will be released every day over the next four days if Optus doesn't give into the extortion demand. #OptusDataBreach #optushack #auspol #infosec pic.twitter.com/NuGe7Pup8lSeptember 26, 2022
Australian minister 'incredibly concerned'
Australia’s minister for Home Affairs and Cyber Security, Clare O’Neil, has released a statement on the reported hacker’s ransom demand.
“I am incredibly concerned this morning about reports that personal information from the Optus data breach, including Medicare numbers, are now being offered for free and for ransom,” O’Neil said.
“Medicare numbers were never advised to form part of compromised information from the breach. Consumers have a right to know exactly what individual personal information has been compromised in Optus’ communications to them. Reports today make this a priority.”
The Home Affairs minister said on the ABC’s 7:30 program last night (Monday, September 27) that 9.8 million individuals have had their personal information stolen, including dates of birth, phone numbers and email addresses.
She said that the government was particularly concerned about a subset of these customers, around 2.8 million, who have had their identity data stolen, including licence and passport numbers, which puts these individuals at a higher risk of fraud.
Minister for Cyber Security @ClareONeilMP says Australia is "probably a decade behind" in privacy protections, and the government "has to be involved when the stakes are this high" following Optus' cyber security breach. Watch her full interview with Laura Tingle below. #abc730 pic.twitter.com/Mk791iOehlSeptember 26, 2022
