Australian Police Look to FBI for Help With Data Breach
September 28, 2022 | 4 minutes read
Last week, news sources around the world reported that Optus, a prominent Australian telecommunications company, was hit with a substantial data breach that allegedly impacted more than 10 million customers. Subsequently, the categories of personal information that were disclosed during the breach included the personal names of customers, their dates of birth, social security numbers, and postal and email addresses, among other pertinent information. However, despite the fact that data breaches have become a daily occurrence due to the world’s current reliance on digital communications, the breach Optus experienced last week has also drawn the attention of the Australian government.
More specifically, the Australian government has raised concerns about the underlying conditions that enabled hackers to launch a cyber attack against Optus in the first place. To illustrate this point further, Australia’s Minister For Cyber Security Clare O’Neil was quoted as saying that she was “incredibly concerned … about reports that personal information from the Optus data breach, including Medicare numbers, are now being offered for free and for ransom”, as many other government officials within the country have also voiced concerns about the fashion in which Optus was handling the breach. For this reason, the Australian government has reportedly looked to the U.S. Federal Bureau of Investigation (FBI) for assistance.
The FBI’s involvement in the data breach
To this last point, the Australian government had also grown concerned about the demands that the hacker who launched the cyberattack on Optus was making to the company’s top executives. For context, “Darkweb screenshots surfaced quickly after the attack, with an underground BreachForums user going by the plain-speaking name of “optusdata” offered to sell the personal information they obtained during the course of the breach back to the company for a ransom payment of $1 million. However, it was later discovered that “optusdata” had instead rescinded this ransom demand, and contradicted the original claim that the personal data they had stolen was for sale.
While the exact reasoning for this change of heart has yet to be determined, the overall outrage that the Outpus data breach has sparked within the nation of Australia likely played a large role in the decision. Likewise, “optusdata” posted a second message which contended that there were “too many eyes” seeing the data”, and went on to say that “We will not sale data to anyone, We can’t if we even want to: personally deleted data from drive (Only copy).” The hacker went on to apologize to the customers that were affected by the breach, and once again reiterated that the personal information that they had obtained was not for sale.
Scared straight
Despite the fact that the details surrounding the FBI’s involvement in assisting the Australian Federal Police in apprehending the criminals that launched the data breach against Optus last week are still somewhat unclear, many leading professionals within the cybersecurity industry suspect the alleged attackers may have been scared off by the sheer amount of attention and scrutiny that has been aimed at Optus following the attack. To this end, the cyberattack in question has been reported to be one the largest of such events to have ever occurred within the country of Australia.
With this being the case, there is a level of attention surrounding the data breach that greatly exceeds what the hackers who initiated the attack were likely expecting. This being said, Casey Ellis, founder, and CTO of bug bounty firm Bugcrowd, was quoted as saying “It’s fairly rare for this type of interaction to be as spectacular as this one has been. Compromising nearly half the population of a country is going to garner a lot of very intense and very powerful attention, and the attackers involved here clearly underestimated this.” Alternatively, Adam Fisher, solutions architect at Salt Security, was also quoted as saying “This strong response might have caught the attacker off guard,” and likely prompted second thoughts. “However, unfortunately, the data is already out in the open. Once a company finds itself in the news like this, every hacker pays attention.”
While the details surrounding the data breach that Optus experienced last week are still being uncovered by the Australian Federal Police force, as well as third-party overseas agencies such as the FBI, it is clear that the event has completely shaken the nation as a whole. This is in spite of the fact that Optus has reportedly offered to cover some of the costs that are typically associated with being involved in a data breach, such as getting a new driver’s license or opening a new bank account. For this reason, businesses around the world will have to find new ways to go about improving their cybersecurity measures, as hackers continue to discover new vulnerabilities that can be used to steal personal information.