Hacker Claiming Responsibility Demands Payment for Data
Some Users Comment "Interested in Buying Data"
Australian Government Pushes for Mandatory Notification of Personal Data Breaches
Optus, the second largest telecommunications company in Australia, suffered a hacking attack resulting in the massive leak of personal information of 9.8 million customers. Photo by Asia Economy
[Asia Economy Reporter Bang Je-il] Optus, Australia's second-largest mobile carrier, is facing growing concerns over secondary damage after a hacking attack led to the massive leak of personal information of 9.8 million customers.
In particular, the incident has escalated as the person claiming responsibility for the attack is demanding $1 million AUD (approximately 1.43 billion KRW) in exchange for returning the personal data.
According to The Australian and other daily newspapers, on the 24th, an anonymous user using the nickname "Optus Data" posted two sets of data presumed to be Optus customer information on the hacker community site "Breach Forums."
Optus Data, claiming to be behind the hacking incident, stated, "User data will be sold for $150,000 AUD (about 214 million KRW), address information for $200,000 AUD (about 286 million KRW), and all information together for $300,000 AUD (about 429 million KRW). However, if Optus purchases it, I am willing to sell it exclusively for $1 million AUD."
They added that all transactions would be conducted using the cryptocurrency "Monero" and that they would wait for Optus's response for one week without selling the data.
The sample data released by Optus Data included about 100 subscriber details such as names, dates of birth, email addresses, physical addresses, passport numbers, and driver’s license numbers.
Jeremy Kirk, editor of Information Security Media Group (ISMG), said the sample data appeared to have come from Optus. Some users commented on the post expressing interest in purchasing the data.
As the incident escalated, the Australian Federal Police warned, "Purchasing stolen information is illegal and punishable by up to 10 years in prison." The Australian government also announced that it is working on amending the Privacy Act to minimize customer damage in the event of data breaches.
Under current Australian law, banks find it difficult to take additional preventive measures to protect accounts because they cannot obtain information about personal data theft from other service providers.
The leaked information in this hacking incident did not include bank account details. However, concerns have been raised that in similar future hacking incidents, criminals might gain unauthorized access to bank customer accounts or open fake accounts for criminal purposes.
Claire O'Neill, Minister for Home Affairs, stated regarding this incident, "If a significant data breach affecting customers occurs, we plan to require banks and financial institutions to promptly notify the public."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
