Tuesday 27 September 2022 09:35 AM Optus data breach: NSW Government replace driver's licenses stolen as hacker ... trends now
The New South Wales Government confirmed it will replace all driver's licenses compromised by Optus' massive data leak.
Up to 10millions Australians at at risk of having their private and sensitive information sold online after a hacker infiltrated the telecommunication giant's system and raided the details of its current and former customers.
Victor Dominello, the NSW Minister for Digital and Customer Service, confirmed on Tuesday evening they would cover the $29 cost of replacing licenses impacted by the online espionage.
'Firstly I am sorry it has taken several days to reach this landing. People are understandably stressed and need a pathway forward,' he posted to his Twitter account.
The New South Wales Government confirmed it will replace all driver's licenses compromised by Optus' massive data leak
Mr Dominello said Optus would be contacting its customers who need to apply for a new license in the coming days.
'People in NSW with a digital driver licence will have an interim card number issued instantaneously via the Service NSW app. A new plastic licence card will be issued within 10 business days,' he said.
'The cost to replace your driver licence is $29 and will be charged by Service NSW at the time of application – reimbursement advice will be issued by Optus to customers in the coming days.'
Anyone concerned over their identity possibly having being leaked should contact ID Support NSW on 1800 001 040.
Victor Dominello confirmed on Tuesday evening the government would cover the $29 cost of replacing licenses impacted by the online espionage
The hacker claiming to be responsible for the data breach suddenly apologised for the cyber-attack - as customers receive threatening text messages demanding they pay $2,000 to have their details erased.
In a bizarre post on Tuesday morning, 'optusdata' claimed there were 'too many eyes' on them and said they would not sell or leak the hacked data of up to 10million Australians.
In broken English, optusdata said: 'Deepest apology to Optus for this. Hope all goes well from this'.
However, Australians are now receiving threatening texts demanding they pay $2,000 to have their 'confidential information erased off the system'.
In a bizarre post 'optusdata' claimed there were 'too many eyes' on them and claimed they would not sell or leak the hacked data of over 10million Australians
The text warns Optus customers that if they do not comply, their information will be 'sold for fraudulent activity' in two days time.
The message asks the $2000 be transferred to a Commonwealth Bank account under the name 'Optusdata' and that customers send a copy of their receipt.
'Optus has left security measures allowing us to access the personal information of their customers including name, email, phone number, date of birth, address and licence number,' the text reads.
'Optus has not responded to our demand of paying the 1M$USD ransom as such as your information will be sold and used for fraudulent activity within 2 days or until a payment of $2000AUD is made then the confidential information will be erased off our systems.'
The threatening texts comes just hours after the hacker said they would release 10,000 records every day for four days if a $1.5million ransom remained unpaid.
Optus customers have received threatening text messages warning their data will be leaked unless they pay $2,000 to a CBA account (pictured, the text message)
The customer records the hacker has released so far included passport, drivers licence and Medicare numbers, as well as dates of birth and home addresses.
In their original apology, the Optus hacker claimed they would've told the telco about their vulnerability but there was no way of getting in touch.
'Optus if your (sic) reading we would have reported exploit if you had method to contact,' the apology continued.
'No security mail, no bug bountys, no way too message. Ransom not paid but we don't care any more.'
The hacker said they couldn't release more data even if they wanted to because they had 'personally deleted data from drive' which they claim is the only copy.
Cybersecurity journalist Jeremy Kirk said the apology wasn't a guarantee 'optusdata' could be trusted but said it would be the 'best outcome' for customers.
He said it was 'disappointing' others on the forum had copied the stolen data and were distributing it - despite the hacker deleting the original samples.
'This means that those 10,200 Optus users in these three data samples would be at an immediate heightened risk of fraud, ID theft,' he tweeted.
Shara Evans, a tech analyst who has worked for large telco's in the United States, believes Optus has been less than forthcoming over whether the stolen data was encrypted or not.
'If the data was encrypted the company would be on the front foot saying 'yes it's been encrypted, we're not going to tell you the exact method for security purposes',' she told Daily Mail Australia.
'Any data that someone may have gotten their hands on would be in an 'encrypted state' - whether they used encryption or tokenisation or any other methodology to scramble the data that would have solved 99.9 per cent of the problem.'
Ms Evans said Optus should have maintained separate silos for storing their customer's personal information.
'All of this stuff should have been separately kept, separately stored with audit trails, multiple firewalls and encryption,' she said.
The hacker demanded a ransom of US$1million - or $1.5million Australian - be paid in Monero, a decentralised cryptocurrency (pictured, an Optus store in Sydney)
Mr Kirk questioned the motivations behind the backflip, tweeting: 'Many questions around this: Why has this person seemingly changed their mind?'
'Can we trust this person now? What does this person mean by writing about not being able to delete the data from the drive?'
The cybersecurity journalist, who says he has been in contact with the hacker, shared details of the ransom note on Tuesday morning.
'The Optus hacker has released 10,000 customer records and says a 10K batch will be released every day over the next four days if Optus doesn't give into the extortion demand,' he wrote on Twitter.
Early on Saturday morning, the hackers demanded a ransom of US$1million - or $1.5million Australian - be paid in Monero, a decentralised cryptocurrency which would obscure the identity of the recipient.
'We are businessmen 1.000.000$US is a lot of money and will keep too (sic) our word,' the hacker's message read.
The ransom demand came after Home Affairs Minister Clare O'Neil launched a scathing attack on Optus in parliament, saying it was a 'basic' hack (stock image)
The ransom demand came after Home Affairs Minister Clare O'Neil launched a scathing attack on Optus in parliament, saying it was a 'basic' hack.
She laid blame for the security breach, which involved 9.8 million current and former customers, at the feet of the telco.
'The breach is of a nature that we should not expect to see in a large telecommunications provider in this country,' Ms O'Neil said on Monday.
'We expect Optus to continue to do everything
