Previous
Australian Telecom Optus Exposes Data Of 2.1 Million Customers
Learn how PurpleSec’s experts can protect your business against the latest cyber attacks.
Author: Dušan Trojanović / Last Updated: 10/23/2022
Reviewed By: Dalibor Gašić, & Michael Swanagan, CISSP, CISA, CISM
View Our: Editorial Process
Table Of Contents
Summary Of The Attack
- On October 3, 2022, Australian mobile company Optus confirmed that a cyberattack last month had exposed the government identification numbers of 2.1 million of its customers.
- The Disclosure came following the leak of 10,000 Optus customer records, which included user information such as names, birthdates, home, and email addresses, phone numbers, and personal identification numbers.
- The threat actor had first tried to blackmail Optus by demanding a $1 million ransom in exchange for them not disclosing or selling the stolen data.
- The actual data breach appears to have been caused due to improperly configured security protections on an API endpoint, but still, there is no proper understanding in Optus of how the incident occurred.
What Happened?
On October 3, 2022, Australian mobile company Optus confirmed a cyber attack last month had exposed the government identification numbers of 2.1 million of its customers.
What Was The Impact?
The Disclosure came following the leak of 10,000 Optus customer records, which included user information such as:
- Names
- Birthdates
- Home
- Email addresses
- Phone numbers
- Personal identification numbers
14,900 genuine Medicare ID numbers were also compromised as a result of the incident.
How The Attack Happened
The actual data breach appears to have been caused due to improperly configured security protections on an API endpoint, but still, there is no proper understanding in Optus of how the incident occurred or how to stop it from happening again. Optus has hired Deloitte to conduct an independent external review of the company’s security systems and processes.
At least one number from a current, legitimate form of identification, along with personal data, has been compromised for about 1.2 million clients.
These customers have been contacted by Optus, and it has been suggested to take steps to update their identification documents.
Along with personal information, numbers related to expired IDs have been exposed to about 900,000 customers. Optus consults with authorities on what additional actions clients should take.
The Ransom Demand
The threat actor had first tried to blackmail Optus by demanding a $1 million ransom in exchange for them not disclosing or selling the stolen data.
The hacker posted the personal information of 10,000 clients, including names, addresses, phone numbers, and dates of birth, on a hacking site after not being paid.
Optus can confirm for the 7.7 million clients for whom the leaked information did not contain valid or current document ID numbers after carefully analyzing the data for the company’s 9.8 million customers with the assistance of government agencies.
Information like email addresses, birth dates, or phone numbers was included in the data. For these clients, it’s critical to use caution.
What Is Optus’s Response?
Customers whose current ID documents were affected by the cyberattack received emails or SMS messages from Optus informing them that their ID document information had been compromised and outlining what they should do. Additionally, Optus contacted clients whose IDs had expired to inform them that their IDs had been compromised.
Customers who have been informed that both their license number and card identification number have been compromised are urged to update their license number as soon as possible because the danger of identity fraud increases when this information is made public.
Customers are still advised to submit an application for a new license number even if only their license number was compromised.
More than 10,000 clients had their records put online, and the Australian Federal Police is currently conducting two investigations into who obtained and sought to sell the data and protections for those customers.
How PurpleSec Helps To Secure Your Organization
Our vulnerability management services and penetration testing services provide a holistic approach to securing what’s most important to you.
How Optus Could Have Prevented This Attack
If Optus had proper API monitoring in place, the transfer of sensitive data to the Internet, the lack of authentication, and the exposure of the testing API to public Internet traffic would have all been discovered, notified to, and addressed by Optus much earlier than a post to a data-leak forum.
The effects of the Optus data breach are still being felt, and a class action lawsuit is now a very real possibility.
Protecting a company and its clients from harmful data attacks requires a combination of technologies, training, and building a culture of security awareness.
Related Articles
Dušan Trojanović
Dušan is a Senior Security Engineer actively working as a penetration tester in DevSecOps projects. He is also an avid security researcher bringing forward analysis on the latest attacks and techniques.
Recent Attacks
- Top 10 Cyber Attacks In 2022
- Top 10 Vulnerabilities In 2022
- Rackspace Ransomware Attack
- Dropbox Suffers Data Breach
- Iranian APT Uses Log4j
- Google SEO Poisoning Campaign
- Killnet DDoS Target Airports
- Advocate Aurora Health Data Leak
- Microsoft 2.4 TB Data Leak
- Optus Exposes 2.1M Customers
- $570M Binance Coin Hack
- TikTok Denies Cyber Attack
- NATO Data Leak
- Uber’s Systems Compromised
- Cisco Cyber Attack
- Samsung Exposes PII
Popular Articles
HEALTHCARE
GOVERNMENT
CRYPTO