Australia has asked the American FBI to help catch computer hackers responsible for one of Australia’s biggest data breaches. Personal details, including home addresses, driver license and passport numbers, of more than 10 million customers of the Singapore-owned telecom giant Optus were stolen.
A massive amount of personal information about Optus customers in Australia was stolen and an extortion threat made to the company. But then there was an apparent twist. An apology was issued on an online forum by an account that investigators believe belonged to the alleged hacker, who had been unnerved by the attention the case had generated.
“Too many eyes,” it read. “We will not sale (sic) data to anyone. Sorry to 10.2m Australians whose data was leaked. Ransom not paid but we don’t care anymore.”
The Australian government has blamed Optus, one of the biggest telecommunications companies in the country, for the breach. Australia’s cybersecurity minister, Clare O’Neil, said the company had made it easy for hackers to get in.
“What is of concern for us is how what is quite a basic hack was undertaken on Optus,” she said. “We should not have a telecommunications provider in this country which has effectively left the window open for data of this nature to be stolen.”
But Optus Chief Executive Officer Kelly Bayer Rosmarin denied the company’s cyber defenses were inadequate. She said the data was encrypted and there were multiple layers of protection. But for many Optus customers, there is deep anxiety that their personal information has been compromised.
The FBI has joined the hunt for the Optus data thieves.
Frank Montoya Jr, a former FBI special agent, told the Australian Broadcasting Corp. that a foreign government could be involved.
“We try to determine if it is a nation state or if it is a criminal enterprise,” he said. “Now, that can be a challenge, too, because sometimes the nation state is the criminal enterprise, and I think of North Korea, for instance, and how they go after these databases for various reasons. But sometimes it is just about selling it on the dark web so they can get access to hard currency.”
Australian cyber security experts have warned that unless companies do more to protect their customers’ personal information, a data breach like the Optus theft could happen again.