Optus hack continues

Australia's second biggest telecommunications company, Optus, revealed last week that around 10 million customers had personal data stolen in a cyber attack. This amounts to 40 per cent of the population.

Optus reported the data of current and former customers was stolen, including names, birthdates, addresses, phone and email contacts, and passport and driving licence numbers. Payment details and account passwords were not compromised.

The government said that the 2.8 million people who had their passport and and licence numbers stolen are at quite significant risk of identity theft and fraud.

Optus said the breach was being investigated and they have notified police, financial institutions and government regulators.

Local media reported that the breach originated overseas.

Optus chief executive Kelly Bayer Rosmarin said: "Obviously, I am angry that there are people out there that want to do this to our customers, and I'm disappointed that we couldn't have prevented it."

On Saturday, data samples were published in an online forum by an internet user who demanded a $1 million ransom in cryptocurrency from Optus. According to the user, unless Optus paid within a week, other data would be sold off in batches.

Investigators have not yet verified the user's claims, but some experts said the sample data appeared to be legitimate.

On Tuesday, the person claiming to be the hacker released 10,000 records, but then deleted them a few hours later saying it had been a mistake.

Others on the forum copied the data and continued to distribute it.

It also came out that some Medicare details were stolen, though Optus had not previously disclosed this. These numbers could provide access to medical records.

People have been warned to look out for identity theft and opportunistic scammers.

Cyber Security Minister Clare O'Neil said that the breach highlights that Australia is behind the rest of the world in terms of privacy and cyber issues.