The sensitive details of 10,000 Australian customers have reportedly been released by the hackers behind last week’s massive Optus data breach.
The illegally obtained information includes passport and driver’s licence numbers, dates of birth and home addresses, according to cyber security researcher and writer Jeremy Kirk from ISMG Corp.
Mr Kirk, who says he has been in contact with those responsible for the attack on the telco, said they were also threatening to release the same number of records every day until a $1.5 million ransom is paid.
“Bad news. The Optus hacker has released 10,000 customer records and says a 10K batch will be released every day over the next four days if Optus doesn’t give into the extortion demand,” he tweeted on Tuesday morning.
Government Services Minister Bill Shorten said Optus needed to do better.
“Based on what I’ve been told, Optus hasn’t done enough … to protect their customers and their follow up needs to be much more diligent,” he told the Nine Network’s Today.
“I think it’s time for … a big overhaul of how our data is kept by big corporations.
“We’re doing everything we can to apprehend the hackers but there is no doubt the defences of the company were, as I’ve been informed, inadequate.”
Mr Shorten said the hack raised questions about how much of people’s data big companies should keep and for how long.
Home Affairs Minister Clare O’Neil told the ABC on Monday the attack was not “sophisticated”.
A federal police investigation has been launched into the data breach, which has affected 9.8 million Australians.
Operation Hurricane has been established by the AFP to identify the people behind the breach, as well as prevent identity fraud of those affected.
Assistant Commissioner of Cyber Command Justine Gough said the investigation into the source of the data breach would be complex.
The task force will work with the Australian Signals Directorate, overseas police as well as Optus.
Opposition cyber security spokesman James Paterson told Sky News the government bore some responsibility and criticised its response to the hack as “slow”.
Slater and Gordon Lawyers are investigating whether to launch a class action lawsuit against Optus on behalf of former and current customers.
Class actions senior associate Ben Zocco said the leaked information posed a risk to vulnerable people, including domestic violence survivors and victims of stalking.
Ms O’Neil launched a scathing attack on Optus in parliament on Monday.
She said responsibility laid squarely at the feet of the telco giant and that the government was looking at ways to mitigate the fallout.
The minister called on the telco to provide free credit monitoring to former and present customers who had their data stolen in the breach.
Optus has announced it will be providing the most affected current and former customers with a free 12-month credit monitoring subscription to Equifax Protect.
Payment details and account passwords have not been compromised.
© AAP 2022