A suspected attacker seeking ransom from Optus in exchange for millions of customer records posted 10,000 records online on Tuesday before removing the threat and deleting all claims.
On Monday evening, the alleged attacker uploaded a text file of 10,000 records to a data breach website and promised to release 10,000 more records every day for the next four days unless Optus pays 1 million dollars in cryptocurrency.
The leaked text contained names, birth dates, email addresses, driver’s license numbers, passport numbers, health insurance numbers, phone numbers and address information. It also included more than a dozen federal and state government email addresses, including four from the Department of Defense and one from the Prime Minister and Cabinet Office.
But by late Tuesday morning, the alleged attacker had apparently changed his mind, deleting his posts and saying he had also deleted the only copy of Optus’ data.
“Too many eyes. we won’t sell [sic] given to anyone. We can’t if we even want to: Personally delete drive data (copy only),” they said in a new post.
“Sorry too [sic] 10,200 Australian whos [sic] data has been leaked.
“Australia won’t see any gain in fraud, it can be monitored. Maybe for 10,200 Aussies but the rest of the population won’t. I’m so sorry for you.
The alleged abuser apologized to Optus and said he would have reported the exploit had Optus allowed it to be reported. Optus said no ransom was paid.
This sudden about-face will not relieve Optus customers stressed about being caught in the breach.
Optus still claims the breach happened due to a “sophisticated attack,” while the feds argue it was due to a mistake by the company that left the data accessible online.
It’s unclear if the alleged attacker obtained the customer data – and if he was the only one to do so.
Attorney General Mark Dreyfus confirmed on Tuesday that the Federal Bureau of Investigation in the United States was assisting the Australian Federal Police operation to uncover who may have accessed the data and who was trying to sell it.
There are suggestions that scammers are already trying to take advantage of the breach by targeting Optus customers.
The Commonwealth Bank of Australia (CBA) said on Tuesday it had blocked an account referenced in an SMS message intended to extort $2,000 from victims of the Optus data breach.
In the text message, the victims were informed that if they did not pay the money, “your information will be sold and used for fraudulent activities within 2 days”.
An ABC spokesperson said the bank was “aware of a text message seeking to solicit funds and referencing an ABC bank account following the Optus data breach, and we have identified and blocked this account”.
The block means that money cannot be transferred to or from the account. It is understood that no money was transferred to the account between the sending of the SMS and its blocking by the ABC.
“We continue to work closely with the Australian Federal Police and other investigative, government and regulatory authorities to limit the impact of any fraud and scams resulting from the events of the past few days,” the spokesperson said. from the ABC.
Details of the SMS message were first reported on Twitter by a reporter from Nine Entertainment on Tuesday morning.
The ABC also said it also offers its customers a free service called SavvyShield which makes it easier for people who believe their identity has been compromised to block inquiries about their credit history and stop attempts. credit application on their behalf.