A suspected attacker who demanded a ransom payment from Optus in exchange for millions of customer records posted 10,000 records online Tuesday before withdrawing the threat and dropping all the claims.
On Monday evening, the alleged attacker uploaded a text file containing 10,000 records to a data breach website and promised to release 10,000 more records every day for the next four days unless Optus pays $1 million in cryptocurrency.
The text leak included names, dates of birth, email addresses, driver’s license numbers, passport numbers, Medicare numbers, phone numbers, and address information. It also included more than a dozen email addresses from federal and state governments, including four from the Department of Defense and one from the Prime Minister’s and Cabinet Offices.
But by late Tuesday morning, the alleged attacker had apparently changed his mind, deleting his posts and claiming he also deleted the only copy of the Optus data.
“Too many eyes. We will not sell [sic] data for everyone. We can’t, if we even want to: personally delete data from drive (copy only),” they said in a new post.
“I’m sorry too [sic] 10,200 Australian whos [sic] Data was leaked.
“Australia will not benefit from fraud, this can be monitored. Maybe for 10,200 Australians, but the rest of the population no. I am very sorry.”
The alleged attacker apologized to Optus and said they would have reported the exploit if Optus had allowed reporting. Optus said no ransom was paid.
This sudden turnaround will bring no relief to Optus customers who are stressed about falling into the gap.
Optus still claims the breach was due to a “sophisticated attack,” while the federal government claims it was due to a mistake by the company that leaked the data online.
It is unclear whether the alleged attacker got hold of the customer data – and whether he was the only party.
Attorney General Mark Dreyfus confirmed on Tuesday that the US Federal Bureau of Investigation is supporting the Australian Federal Police operation to find out who may have accessed the data and who is trying to sell it.
There are suggestions that scammers are already trying to capitalize on the breach by targeting Optus customers.
The Commonwealth Bank of Australia (CBA) said Tuesday it had suspended an account referenced in a text message in a bid to extort $2,000 from Optus data breach victims.
The SMS told victims that if they didn’t pay the money, “your data will be sold within 2 days and used for fraudulent activities”.
A CBA spokesman said the bank was “aware of a text message attempting to solicit money and referral to a CBA bank account following the Optus data breach and we have identified and suspended that account.”
The block means that no money can be transferred to the account. It is understood that no money was transferred to the account between the time the SMS was sent and when CBA blocked it.
“We continue to work closely with the Australian Federal Police and other investigative, governmental and regulatory agencies to limit the impact of fraud and fraud that has arisen from the events of the past few days,” the CBA spokesman said.
Details of the text message were first reported on Twitter by a reporter from Nine Entertainment on Tuesday morning.
CBA also said it also offers customers a free service called SavvyShield, which makes it easier for people who believe their identities have been compromised to block requests about their credit history and stop attempts to apply for credit on their behalf.
#Alleged #Optus #hacker #apologizes #data #breach #drops #ransom #threat
