Australian federal government has blamed Optus, Australia’s No. 2 telecoms operator, for the cyber security issue, flagged an overhaul of privacy rules and higher fines.
Optus has tried to conceal the magnitude of the data breach, the government said.
Optus Chief Executive Kelly Bayer Rosmarin said there was lot of misinformation out there.
“Given we’re not allowed to say much because the police have asked us not to, what I can say … is that our data was encrypted and we had multiple players of protection,” Kelly Rosmarin told ABC Radio.
“So it is not the case of having some sort of completely exposed API (application programming interface) sitting out there,” Kelly Rosmarin added. API allows two or more computer programs to communicate with each other.
Kelly Rosmarin said Optus had briefed authorities after the government’s initial review of the incident. She said most customers understand that “we are not the villains” and that the company had not done anything deliberate to put data at risk.
Minister For Cyber Security Clare O’Neil said reports suggested the government’s health insurance identification numbers formed part of the breach and that they were being offered for free and for ransom.
“Medicare numbers were never advised to form part of compromised information from the breach,” O’Neil said. “Consumers have a right to know exactly what individual personal information has been compromised.”
Singapore Telecoms-owned Optus revealed last week that home addresses, drivers’ licenses and passport numbers of up to 10 million customers had been compromised in one of Australia’s biggest data breaches.
Australian media reported that hackers have backtracked from their ransom demand of $1 million in cryptocurrency for not releasing sensitive data.
Stolen data posted in an online forum has been deleted and hackers have apologised to Optus, the reports said.
