Massive Optus Cyber-Attack in 2022: Lessons Learned
Optus was hacked on the 22nd of September 2022 by a threat actor who claimed to hold millions of Optus customer identity records, including passports, various kinds of licences and other legal identity documents. Optus confirmed the breach and determined that over 9 million customers had their identities compromised. The threat actor claiming to hold the data demanded a ransom of $1 million in cryptocurrency, threatening to leak the data online if Optus did not pay.
On the 27th of September, the threat actor released 10,200 customer identities and stated that another 10,000 would be uploaded every day until the ransom was paid. During this time the AFP (Australian Federal Police) assured the public that multiple government agencies, including the FBI (the US Federal Bureau of Investigation), were involved in securing the data, identifying and prosecuting the hacker, and taking every measure to protect the Optus customers affected by the breach. Optus later confirmed the scale of the response in an apology video uploaded days later, stating that governments and over 20 licensing agencies were involved in the investigation.
On the same day, the 27th of September, hours after the identities were uploaded and the AFP statement was issued, the alleged threat actor posted an apology letter claiming to have deleted all the data.
“Too many eyes. We will not sale [sic] data to anyone. We can’t if we even want to: personally deleted data from drive (Only copy).
Sorry too [sic] 10,200 Australian whos [sic] data was leaked. Australia will see no gain in fraud, this can be monitored. Maybe for 10,200 Australian but rest of population no. Very sorry to you….”
On the 6th of October, a man was arrested in Sydney who had obtained the 10,200 documents briefly uploaded by the hacker and was sending SMS messages to those compromised Optus customers, threatening to publish their identity documents unless they paid a $2,000 ransom. The Commonwealth Bank of Australia stated that an account was blocked before the victim could withdraw the $2,000 ransom demanded by SMS. Authorities confirmed that the man arrested was not affiliated with the Optus hack itself.
Government agencies are investigating not only who carried out the Optus hack and how, but also Optus's handling of confidential data, which may constitute a breach of Australian privacy law. The Office of the Australian Information Commissioner (OAIC) has launched an investigation into the company's handling of customer data.
"The OAIC's investigation will focus on whether the Optus companies took reasonable steps to protect the personal information they held from misuse, interference, loss, unauthorised access, modification or disclosure, and whether the information collected and retained was necessary to carry out their business," the statement said.
Researchers who have studied the incident have also given their views publicly:
“The big problem here with the Optus leak is they seem to have held the sensitive data without any real reason to. It’s very much a serious, egregious breach, it was very sloppy,” says UNSW Law school research fellow Tony Song.
Since the incident, Optus has launched ‘Project Guardian’ to individually secure each Optus customer whose identity data was exposed.
Official Numbers by Optus:
9 million Optus customers had their identity data stolen
7.7 million customers are safe from the Optus hack
2.1 million customers have had their identity data exposed
Of the 2.1 million customers with exposed identities, 900,000 had identity documents that were already expired. The remaining 1.2 million, including the 10,200 whose data was made public, have been given further instructions by Optus Project Guardian to take action and secure their compromised identity documents.
This is part of our cyber security awareness educational campaign. Through this training you will learn key principles and best practices to protect yourself, your organisation and the public from cyber attackers, and you will be equipped with the knowledge to identify potential threats and take action before any damage occurs.