Australian Police Look to FBI for Help With Data Breach

September 28, 2022 | 4 minutes read
Australian Police Look to FBI for Help With Data Breach

Last week, news sources around the world reported that Optus, a prominent Australian telecommunications company, was hit with a substantial data breach that allegedly impacted more than 10 million customers. Subsequently, the categories of personal information that were disclosed during the breach included the personal names of customers, their dates of birth, social security numbers, and postal and email addresses, among other pertinent information. However, despite the fact that data breaches have become a daily occurrence due to the world’s current reliance on digital communications, the breach Optus experienced last week has also drawn the attention of the Australian government.

More specifically, the Australian government has raised concerns about the underlying conditions that enabled hackers to launch a cyber attack against Optus in the first place. To illustrate this point further, Australia’s Minister For Cyber Security Clare O’Neil was quoted as saying that she was “incredibly concerned … about reports that personal information from the Optus data breach, including Medicare numbers, are now being offered for free and for ransom”, as many other government officials within the country have also voiced concerns about the fashion in which Optus was handling the breach. For this reason, the Australian government has reportedly looked to the U.S. Federal Bureau of Investigation (FBI) for assistance.

The FBI’s involvement in the data breach

To this last point, the Australian government had also grown concerned about the demands that the hacker who launched the cyberattack on Optus was making to the company’s top executives. For context, “Darkweb screenshots surfaced quickly after the attack, with an underground BreachForums user going by the plain-speaking name of “optusdata” offered to sell the personal information they obtained during the course of the breach back to the company for a ransom payment of $1 million. However, it was later discovered that “optusdata” had instead rescinded this ransom demand, and contradicted the original claim that the personal data they had stolen was for sale.

While the exact reasoning for this change of heart has yet to be determined, the overall outrage that the Outpus data breach has sparked within the nation of Australia likely played a large role in the decision. Likewise, “optusdata” posted a second message which contended that there were “too many eyes” seeing the data”, and went on to say that “We will not sale data to anyone, We can’t if we even want to: personally deleted data from drive (Only copy).” The hacker went on to apologize to the customers that were affected by the breach, and once again reiterated that the personal information that they had obtained was not for sale.

Scared straight

Despite the fact that the details surrounding the FBI’s involvement in assisting the Australian Federal Police in apprehending the criminals that launched the data breach against Optus last week are still somewhat unclear, many leading professionals within the cybersecurity industry suspect the alleged attackers may have been scared off by the sheer amount of attention and scrutiny that has been aimed at Optus following the attack. To this end, the cyberattack in question has been reported to be one the largest of such events to have ever occurred within the country of Australia.

With this being the case, there is a level of attention surrounding the data breach that greatly exceeds what the hackers who initiated the attack were likely expecting. This being said, Casey Ellis, founder, and CTO of bug bounty firm Bugcrowd, was quoted as saying “It’s fairly rare for this type of interaction to be as spectacular as this one has been. Compromising nearly half the population of a country is going to garner a lot of very intense and very powerful attention, and the attackers involved here clearly underestimated this.” Alternatively, Adam Fisher, solutions architect at Salt Security, was also quoted as saying “This strong response might have caught the attacker off guard,” and likely prompted second thoughts. “However, unfortunately, the data is already out in the open. Once a company finds itself in the news like this, every hacker pays attention.”

While the details surrounding the data breach that Optus experienced last week are still being uncovered by the Australian Federal Police force, as well as third-party overseas agencies such as the FBI, it is clear that the event has completely shaken the nation as a whole. This is in spite of the fact that Optus has reportedly offered to cover some of the costs that are typically associated with being involved in a data breach, such as getting a new driver’s license or opening a new bank account. For this reason, businesses around the world will have to find new ways to go about improving their cybersecurity measures, as hackers continue to discover new vulnerabilities that can be used to steal personal information.

Related Reads

Blurring Faces from Videos and The Truth About Body-Worn Camera Privacy
September 06, 2023 | 4 minutes read
Blurring Faces from Videos and The Truth About Body-Worn Camera Privacy

Body-worn cameras are an essential piece of equipment for law enforcement officers and the redaction of faces from BWC footage is necessary to protect the privacy of individuals.

Learn More »
Sensitive Information, Protected: Patient Privacy, HIPAA, And You
August 30, 2023 | 4 minutes read
Sensitive Information, Protected: Patient Privacy, HIPAA, And You

HIPAA compliance ensures patient privacy. Often making the consequences of non-compliance severe, so how do you avoid that?

Learn More »
Protecting Privacy in the Healthcare Field: PII, PHI & PCI
July 12, 2023 | 5 minutes read
Protecting Privacy in the Healthcare Field: PII, PHI & PCI

Healthcare professionals handle a wide range of sensitive data that is crucial for delivering quality care. But protecting that data is getting harder.

Learn More »
FISA Section 702, Is The US Government Monitoring You?
June 26, 2023 | 6 minutes read
FISA Section 702, Is The US Government Monitoring You?

Is there a give-and-take relationship that must be accepted when it comes to keeping the country safe? Should U.S. persons be okay with the incidental collection of their conversations in the name of national security under FISA Section 702? Even when it violates their constitutional rights? Well, that’s up to Congress to decide.

Learn More »
The Gap You Won’t Want to Close: Air-Gapped Systems
June 05, 2023 | 6 minutes read
The Gap You Won’t Want to Close: Air-Gapped Systems

An air-gapped system is a computer, or network that is physically isolated from any external connections and networks which includes the Internet. It operates in total isolation with neither wired nor wireless connections to other devices.

Learn More »
Using Redaction for Privacy Maintenance as An Investigator
May 31, 2023 | 5 minutes read
Using Redaction for Privacy Maintenance as An Investigator

These oaths emphasize upholding the law, serving the public, and protecting the rights of individuals. One of these many rights is privacy. An investigator must adhere to the legal and ethical guidelines within the jurisdiction and perform their investigation within those specifically set boundaries.

Learn More »