Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

Police say hacker concealed ID in Australian privacy breach

Police say the hacker who stole the personal data of almost 10 million people in one of Australia’s worst privacy breaches concealed their identity, actions and whereabouts

Rod McGuirk
Friday 30 September 2022 05:03 BST
Australia Cybersecurity
Australia Cybersecurity (Copyright 2021 The Associated Press. All rights reserved)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

The computer hacker who stole personal data of almost 10 million customers of a telecommunications company in one of Australia’s worst privacy breaches used techniques to conceal their identity, actions and whereabouts, police said on Friday.

Australian Federal Police Assistant Commissioner Justine Gough, who heads cyber investigations, said the international probe, that includes the U.S. Federal Bureau of Investigation, into the Optus cyberattack last week would be “long and complex.”

"You can be assured that our very clever and dedicated cyber investigators are focused on delivering justice for those whose personal information has been compromised,” Gough said.

The government blames lax cybersecurity at Optus, Australia’s second-largest wireless carrier, for the theft of current and former customers’ personal information.

Cybersecurity Minister Clare O’Neil described the crime as “quite a basic hack.” She said Optus, a subsidiary of Singapore Telecommunications Ltd., also known as Singtel, had “effectively left the window open for data of this nature to be stolen.”

Optus maintains it was the target of a sophisticated cyberattack that penetrated several layers of security.

Gough declined to say whether the crime fitted the description of “sophisticated” or “basic.”

“I’m not going to go into the details as to the attack because ... it is subject of our ongoing investigation,” Gough said.

“But I would say that whoever is behind this attack has used obfuscation techniques to conceal their identity, their location and their activity,” she added.

While details of 9.8 million Optus customers were stolen, authorities are most concerned for more than 10,000 customers whose records were dumped on the dark web on Tuesday as part of an extortion attempt.

The hacker later withdrew a $1 million ransom demand in a post that apologized for the crime and claimed that all the stolen data had been destroyed. Experts are skeptical.

Gough declined to say whether any further extortion attempt had been made.

But she announced police forces throughout Australia had combined resources to “supercharge” the protection of the 10,000 who are most vulnerable to identify theft and fraud. Police are also working with the finance and services sectors to detect fraud.

“Customers affected by the breach will receive multijurisdictional and multilayered protection from identity crime and financial fraud,” Gough said.

Operation Guardian will eventually extend to the next-most vulnerable tier of customers, the 2.8 million who have had their driver’s license and passport numbers stolen.

Prime Minister Anthony Albanese said Optus had agreed to pay to replace the passports of compromised customers.

“I think that’s entirely appropriate,” Albanese said.

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in