CANBERRA, Australia — Australian police were investigating a report that a purported hacker had already released the stolen personal data of 10,000 Optus customers and was demanding a $1 million ransom in cryptocurrency, the telecommunications company’s chief executive said on Tuesday.
The Australian government has blamed lax cybersecurity at the nation’s second-largest wireless carrier for the unprecedented breach last week of the personal data of 9.8 million current and former Optus customers.
Jeremy Kirk, a Sydney-based cybersecurity writer, said the purported hacker had released 10,000 Optus customer records on the dark web and threatened to release another 10,000 every day for the next four days unless Optus paid the ransom.
Asked if the hacker had threatened to sell the remaining data if Optus did not pay the $1 million within a week, the company’s chief executive Kelly Bayer Rosmarin told Australian Broadcasting Corp.: “We have seen there is a post like that on the dark web.”
Australian Federal Police said Monday their investigators were working with overseas agencies to determine who was behind the attack and to help shield the public from identity fraud. Police declined further comment Tuesday as the investigations were ongoing, an AFP statement said.
“They’re looking into every possibility and they’re using the time available to see if they can track down that particular criminal and verify if they a bona fide,” Bayer Rosmarin said.
Kirk said the personal data released on Tuesday appeared to include health care numbers, a form of identification not previously revealed publicly to have been hacked.
Cybersecurity Minister Clare O’Neil on Tuesday urged Optus to give priority to informing customers of what information had been taken.
“I am incredibly concerned this morning about reports that personal information from the Optus data breach, including Medicare numbers, are now being offered for free and for ransom,” O’Neil said in a statement.
“Medicare numbers were never advised to form part of compromised information from the breach,” she added.
Consumers have a right to know exactly what individual personal information has been compromised in Optus’ communications to them, she said.
“Reports today make this a priority,” O’Neil said.
O’Neil on Monday described the hack as an “unprecedented theft of consumer information in Australian history.”
Of the 9.8 million people affected, 2.8 million had “significant amounts of…