Optus: A hacker brought Australia to its knees  

The story behind the nation’s largest cyber attack

Last week, Australia’s telecommunications giant Optus revealed that it had been the victim of a cyber attack and had data stolen from around 10 million of its customers – 40% of the country’s population . This is clearly the worst data breach in Australian history, but the case did not stop there.

This week has dramatic developments, with a stock market crash, ransom payments and intense political strife. But let’s start things from the beginning.

Last Wednesday, Optus subsidiary Singapore Telecommunications disclosed the breach 24 hours after noticing suspicious activity on its network. Optus admitted that customer data including names, dates of birth, home addresses, phone numbers, email addresses and passport and driver’s license numbers had been stolen. It stressed that it is investigating the breach and has notified the police, financial institutions and government agencies.

Saturday also saw the first ransom demand against Optus, with the hacker asking for $1 million in cryptocurrency by next week, or the data would be sold in parts. Cybersecurity experts believed that the data the hacker had in his hands was real, while a reporter who contacted him revealed how the breach was made. The hacker refuted Optus’ claims that it was a sophisticated breach, saying he obtained the data using free software.

On Tuesday the hacker released the records of 10,000 customers, reminding Optus of the deadline. A few hours later, however, he apologized, saying it was his mistake and deleted the data he posted. The incident raised suspicions that Optus paid the ransom, which the company denied. But the post started a new headache for Optus, after it was revealed that the data contained medical data, something the company had not previously reported. Finally, it admitted yesterday that the breach also resulted in the exposure of 37,000 Medicare accounts.

Optus is getting a flood of messages from angry customers, and a class action lawsuit is expected soon. The government has taken a stand, describing the case as ” unprecedented “, while accusing Optus of ” leaving the window open ” for sensitive data to be stolen. The opposition accuses the government of being ” asleep at the wheel “, while the Minister of Digital Security commented that the country is ” a decade behind ” the rest of the world in matters of privacy and security.