Published:
27 September 2022
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT Security Bulletin

ASB-2022.0190.3
Optus Data Breach
27 September 2022
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:          Optus Data Breach
Resolution:       None

Revision History: September 27 2022: Advisory updated
                  September 26 2022: Advisory updated
                  September 23 2022: Initial Release

OVERVIEW

News has emerged that personal data of potentially millions of customers may have been compromised due to a cyber attack targeting Optus.

Recent developments include reports of a ransom being demanded from Optus to prevent the sale and disclosure of the full customer records [1][2][3].

Further reports indicate that the hacker released the details of 10,000 customers on the 27th of September in order to further pressure Optus to pay the ransom, and then later that same day claimed to have destroyed all relevant data, apologised and is no longer pursuing the ransom [4][5].

IMPACT

The information which has been exposed as a result of the attack may include:

* Customer Name
* Date of Birth
* Email Address
* Physical Address
* Phone Number associated with the account
* Numbers of the ID documents such as Passports and Drivers Licenses
* Medicare Details

MITIGATION

Optus has advised its customers to:

- Look out for any suspicious or unexpected activity across online accounts, including bank accounts and report any fraudulent activity immediately to the related provider.
- Look out for contact from scammers who may have customers' personal information. This may include suspicious emails, texts, phone calls or messages on social media.
- Never click on any links that look suspicious and never provide passwords, or any personal or financial information.

The Australian Cyber Security Centre has released an advisory regarding this incident with a helpful selection of additional steps to take and resources to access for those potentially impacted by this breach [6]. IDcare also has released an advisory [7].

AusCERT is aware of the situation and will monitor the situation should any actionable indicators of compromise be released.

REFERENCES

[1] Optus notifies customers of cyberattack compromising customer information
    https://www.optus.com.au/about/media-centre/media-releases/2022/09/optus-notifies-customers-of-cyberattack

[2] Optus Under $1 Million Extortion Threat in Data Breach
    https://www.bankinfosecurity.com/optus-under-1-million-extortion-threat-in-data-breach-a-20142

[3] Significant customer data exposed in attack on Australian telco
    https://www.theregister.com/2022/09/23/cyberattack_optus/

[4] Optus hacker releases 10,000 alleged customer records, then recants
    https://www.smh.com.au/technology/optus-hacker-releases-10-000-customer-records-20220927-p5bl7x.html

[5] Alleged hacker apologises to Optus after data of 10,000 customers reportedly released
    https://www.news.com.au/technology/online/hacking/alleged-optus-hacker-claims-10000-customer-records-leaked/news-story/618fa8fa7de7fea00e281958c36a67f4

[6] Optus notifies customers of cyberattack compromising customer information
    https://www.cyber.gov.au/acsc/view-all-content/alerts/optus-notifies-customers-cyberattack-compromising-customer-information

[7] Response Fact Sheet - Optus Data Breach
    https://assets.website-files.com/5af4dc294c01df9fc297c900/632e67b2ca8ee2c0a1e7361b_IDCARE%20Response%20Fact%20Sheet%20-%20Optus%20Data%20Breach.pdf

AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation.
The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/

-----END PGP SIGNATURE-----