Australian authorities said on Friday they have commenced an operation to protect the personal information of 10,000 people whose data may have been shared online after a cyber attack on Optus, the country’s second-largest telco.
The efforts come three days after an unidentified person posted online that they had released personal details of 10,000 Optus customers and would keep doing so daily until they received $1 million.
The Australian Federal Police (AFP) assistant commissioner for cyber command Justine Gough said the agency was working to identify and protect the same number of people whose “details have been unlawfully released.”
The targeted operation, which is in addition to a global operation to track down the hacker, is the most public acknowledgment to date by police about the threat to customers, although Gough declined to comment specifically on the ransom post.
Since the Singapore Telecommunications-owned telco first reported the theft of the data of up to 10 million accounts on Sept. 22, equivalent to 40% of Australia’s population, authorities have declined to comment on their investigation.
“We are concerned that those 10,000 people may have had their 100-point identification compromised,” Gough told reporters.
Under Australian law, official documents are assigned point scores that can be used for identity verification purposes to clear sensitive transactions, which typically demand at least 100 identification points.
The stolen data included passport numbers, which are worth 70 points, and drivers license numbers, which are worth 40 points, Optus has said.
Gough said police were running data analysis to identify the 10,000 customers, monitoring the internet for signs of criminals trying to sell the data and putting banks on high alert for suspicious transactions.
While she also did not comment on the ransom post – which was retracted within hours – Gough said authorities around the world including the U.S. FBI were pursuing multiple leads.
“Whoever is behind this attack has used obfuscation techniques,” she added.
Prime Minister Anthony Albanese said on Friday Optus had agreed to his public demand the previous day to pay the cost of replacing passports of compromised customers.
“Optus have responded to my request,” Albanese told reporters. “They will cover the cost of replacing affected customers’ passports. I think that is entirely appropriate.”
Some Australian state governments have said they will replace drivers licenses of compromised Optus customers.
Optus did not immediately respond to emailed request for comment.
(Reporting by Byron Kaye, Lewis Jackson and Praveen Menon; editing by Sam Holmes)
Interested in Cyber?
Get automatic alerts for this topic.