After Australian telecommunications company Optus was hacked last week, the federal government has decided to reform and enhance the country’s cybersecurity infrastructure. Among the measures, banks will now be immediately informed about data breaches in the corporate world.
On September 24, Optus suffered a breach putting the data of over 9 million users at risk. Though the exact number of impacted users has not been confirmed, the company’s chief executive officer Kelly Bayer Rosmarin stated that the figure is expected to be significant. The incident led the government to plan for more robust measures that are expected to be made public in the coming days.
On Monday, Prime Minister Anthony Albanese told local radio that the hacking of Optus was a “huge wake-up call” and it was necessary to initiate reforms that alert financial institutions of cyberattacks and help them to “protect their customers,” Al Jazeera reported.
What changes are suggested
Previously, banks and other institutions were not part of the preventive measures. They will now be alerted to a breach and given details of the compromised accounts. This will enable banks to monitor suspicious activity in vulnerable customers’ accounts.
Minister for Home Affairs of Australia Clare O’Neil and her federal ministerial colleagues met the Australian Signals Directorate and the Cyber Security Center on September 24 to discuss the incident. On the same day, O’Neil shared a tweet stressing the need for companies to do more work to prevent such instances.
Australian companies must do all they can to protect their customers’ data. I will have much more to say in coming days about the Optus cyber attack and what steps need to be taken in the future.
— Clare O'Neil MP (@ClareONeilMP) September 24, 2022
Hacker claims responsibility for Optus breach
Following the attack on Optus, an unidentified hacker came forward with a ransom demand of $1.5 million. The hacker demanded payment in Monero, a cryptocurrency, and claimed to possess sensitive data belonging to nearly 11.2 million customers. The hacker posted a message on a forum that read, “Optus if you are reading! price for us to not sale data is 1.000.000$US We give you 1 week to decide.” The hacker also posted some samples of the customer data on the forums.
Researchers, including Jeremy Kirk from the Information Security Media Group (ISMG), investigated samples of the data posted on the forum and found that it aligned with genuine customer data.
On September 25, the federal police informed the Australian news website news.com.au that they were alerted about someone claiming responsibility for the Optus data breach. According to the report, the federal police are now monitoring the data breach findings and the ransom demand while looking into the possibility of the stolen data being sold on the dark web.
Optus offers free credit monitoring, but customers unhappy
While Optus claims to have provided free assistance to its users, customers have complained of a lack of support from the credit monitoring services. Many came forward to express their grievances about being asked to pay for services. Some claimed they were charged close to $1000 while trying to switch service providers.
Amid these circumstances, Optus may also face a class action lawsuit from the law firm Slater and Gordon Lawyers over the breach of privacy of millions of users.