Optus, Australian govt clash over cyber attack amid reports of hacker retreat


SYDNEY (Reuters) – Australia’s No. 2 telecoms firm Optus, hit by a massive cyber attack, faced a barrage of criticism on Tuesday, with the government accusing it of trying to conceal the magnitude of the breach even as reports said hackers had deleted stolen data.

The Australian federal government has blamed Optus for the breach, flagged an overhaul of privacy rules and higher fines, and suggested the company had “effectively left the window open” for hackers to steal data. Optus Chief Executive Kelly Bayer Rosmarin said there was a lot of “misinformation out there”.

“Given we’re not allowed to say much because the police have asked us not to, what I can say … is that our data was encrypted and we had multiple layers of protection,” Rosmarin told ABC Radio.

“So it is not the case of having some sort of completely exposed API (application programming interface) sitting out there,” Rosmarin added. An API allows two or more computer programs to communicate with each other. Rosmarin said Optus had briefed authorities after the government’s initial review of the incident. She said most customers understand that “we are not the villains” and that the company had not done anything deliberate to put data at risk.

Minister For Cyber Security Clare O’Neil said reports suggested the government’s health insurance identification numbers formed part of the breach and that they were being offered for free and for ransom. “Medicare numbers were never advised to form part of compromised information from the breach,” O’Neil said. “Consumers have a right to know exactly what individual personal information has been compromised.”

Singapore Telecoms-owned (STEL.SI) Optus revealed last week that home addresses, drivers’ licenses and passport numbers of up to 10 million customers had been compromised in one of Australia’s biggest data breaches.

Australian media reported on Tuesday that hackers have backtracked from their ransom demand of $1 million in cryptocurrency for not releasing sensitive data.

Stolen data posted in an online forum has been deleted and hackers have apologised to Optus, the reports said. Reuters could not immediately verify the accuracy of the reports.

The Australian Federal Police has been working closely with overseas law enforcement agencies, including the FBI, to find the perpetrators, authorities said.

Australia’s Council Of Financial Regulators, which includes the central bank, on Tuesday said its members have been working together in response to the cyber attack.