-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                              ASB-2022.0190.3
                             Optus Data Breach
                             27 September 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:          Optus Data Breach
Resolution:       None

Revision History: September 27 2022: Advisory updated
                  September 26 2022: Advisory updated
                  September 23 2022: Initial Release

OVERVIEW

        News has emerged that personal data of potentially millions of customers
        may have been compromised due to a cyber attack targeting Optus.
        Recent developments include reports of a ransom being demanded from Optus 
        to prevent the sale and disclosure of the full customer records [1][2][3].
        Further reports indicate that the hacker released the details of 10,000 
        customers on the 27th of September in order to further pressure Optus to 
        pay the ransom, and then later that same day claimed to have destroyed all 
        relevant data, apologised and is no longer pursuing the ransom [4][5].


IMPACT

        The information which has been exposed as a result of the attack may include:

        * Customer Name
        * Date of Birth
        * Email Address
        * Physical Address
        * Phone Number associated with the account
        * Numbers of ID documents such as Passports and Drivers Licenses
        * Medicare Details


MITIGATION

        Optus has advised its customers to:
                
        - Look out for any suspicious or unexpected activity across online
        accounts, including bank accounts, and report any fraudulent
        activity immediately to the related provider.
                
        - Look out for contact from scammers who may have customers' personal
        information. This may include suspicious emails, texts, phone 
        calls or messages on social media.
                
        - Never click on any links that look suspicious and never provide
        passwords, or any personal or financial information.
        
        
        The Australian Cyber Security Centre has released an advisory regarding 
        this incident with a helpful selection of additional steps to take and 
        resources to access for those potentially impacted by this breach [6].
        IDCARE has also released an advisory [7].
        
                
        AusCERT is aware of the situation and will continue to monitor it in
        case any actionable indicators of compromise are released.


REFERENCES

        [1] Optus notifies customers of cyberattack compromising customer
            information
            https://www.optus.com.au/about/media-centre/media-releases/2022/09/optus-notifies-customers-of-cyberattack

        [2] Optus Under $1 Million Extortion Threat in Data Breach
            https://www.bankinfosecurity.com/optus-under-1-million-extortion-threat-in-data-breach-a-20142

        [3] Significant customer data exposed in attack on Australian telco
            https://www.theregister.com/2022/09/23/cyberattack_optus/

        [4] Optus hacker releases 10,000 alleged customer records, then recants
            https://www.smh.com.au/technology/optus-hacker-releases-10-000-customer-records-20220927-p5bl7x.html

        [5] Alleged hacker apologises to Optus after data of 10,000 customers
            reportedly released
            https://www.news.com.au/technology/online/hacking/alleged-optus-hacker-claims-10000-customer-records-leaked/news-story/618fa8fa7de7fea00e281958c36a67f4

        [6] Optus notifies customers of cyberattack compromising customer
            information
            https://www.cyber.gov.au/acsc/view-all-content/alerts/optus-notifies-customers-cyberattack-compromising-customer-information

        [7] Response Fact Sheet - Optus Data Breach
            https://assets.website-files.com/5af4dc294c01df9fc297c900/632e67b2ca8ee2c0a1e7361b_IDCARE%20Response%20Fact%20Sheet%20-%20Optus%20Data%20Breach.pdf

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
-----END PGP SIGNATURE-----