Crikey
Cam Wilson

The Optus hacker is being treated as the real deal by the government. Its apology can’t be trusted

The federal government’s response to the Optus cyberattack all but confirms that the alleged hacker who tried to extort the company is the real deal — and that’s bad news for those affected.

Before the anonymous “Optusdata” user deleted its extortion threat off a popular hacking forum yesterday, the account posted a sample of what it claimed were 10,000 Optus customers’ details. This sample included dozens of Medicare numbers, a piece of personally identifiable information that Optus had not included in its disclosures about the cyberattack. 

Optus would not comment on whether Medicare numbers were compromised. Albanese government ministers, on the other hand, were quick to voice their concerns.

Home Affairs and Cyber Security Minister Clare O’Neil released a statement yesterday saying she was troubled by reports about Medicare numbers being leaked: “Medicare numbers were never advised to form part of compromised information from the breach.”

Attorney-General Mark Dreyfus and Health Minister Mark Butler reiterated concerns about Medicare details being made public, the latter saying the government was considering allowing people to get new Medicare numbers.

The reaction by senior ministers suggests that the Optusdata account is being treated by the government as belonging to those responsible for the cyberattack, and not an opportunistic scammer trying to extort the company. 

O’Neil has been briefed by security agencies and Optus. Her criticism of the telecommunication company only makes sense if she believed that the anonymous extortionist was releasing real information obtained from Optus.

Hacker’s apology is not the end of the matter

Despite some celebrating the hacker’s apology and promise to delete the data, co-founder of cyber firm Internet 2.0 Robert Potter warned against taking it at its word.

“I would treat any commentary from an anonymous hacker with a grain of salt until it’s verified by law enforcement,” he said.

So far, little is known about the Optusdata account. It claimed there was a pair of them behind the attack, that it wanted US$1 million to “retire” and wrote in a way that suggested that English wasn’t the user’s first language. All that information is based on a handful of posts made by the user without any corroborating evidence. 

There is no guarantee for users that the hacker has deleted their data, that they won’t pop up again with a new extortion or use the data in another way.

Potter said the millions of Australians caught up in the data breach will need to be vigilant about the use of their data from now on: “People should assume that the documentation is gone for good once it’s taken.”
