By Ringo Jose and Byron Kay
SYDNEY (Reuters) – Australian telecom giant Optus came under more criticism from the government on Tuesday for a massive cyber breach, as an anonymous online account believed to be affiliated with hackers said it was deleting stolen data and withdrawing a $1 million ransom demand.
Optus, the country’s second mobile phone operator, which is owned by Singapore Telecoms, said last week that data of up to 10 million customers, including home addresses, driver’s licenses and passport numbers, had been compromised in one of Australia’s biggest data breaches.
An account called ‘optusdata’ on an online forum, which cybersecurity experts believe is the account of hackers, has threatened to release the data of 10,000 Optus customers every day unless they receive $1 million in cryptocurrency.
However, the account holders posted on Tuesday that they had deleted the data due to “too many eyes” and withdrawn their ransom request, and lamented that they had already leaked the data of 10,200 Australians.
Optus and the Australian Federal Police, which were working with the FBI and other external law enforcement agencies to investigate the cyber attack, declined to comment on whether they believed ‘optusdata’ account holders were behind the breach.
The Australian federal government blamed Optus for the breach, reported an overhaul of privacy rules and higher fines, and noted that the company “effectively left the window open” for hackers to steal data.
Cyber Security Secretary Claire O’Neill said she was “deeply concerned … about reports that personal information from the Optus data breach, including Medicare numbers, is now being offered free and at ransom,” referring to the government’s health insurance plan.
Optus CEO Kelly Bayer Rosmarin said the incident generated “a lot of misinformation” and that the company took data protection seriously.
“Since we’re not allowed to say much because the police told us not to, what I can say… is that our data was encrypted and we have multiple safeguards,” Bayer-Rosmarin told ABC Radio.
She added that most customers understand that we are “not the bastards” and that the company did nothing intentionally to put the data at risk.
Jeremy Kirk, a cybersecurity researcher and writer who said he had been in contact with the alleged hacker, tweeted that it wasn’t clear why they changed their mind, but “that doesn’t change the risk to anyone.”
“Optus data has been stolen and we cannot trust this person. No guard should be let down,” he wrote.
