A couple of weeks back, Optus, one of Australia’s leading telecom providers, suffered a damaging data breach, thereby impacting internal and external records, including but not limited to sensitive customer data. Furthermore, Optus confirmed that 2.1 million customers had government identification numbers compromised during a cyberattack last month. Additionally, another leading telecom provider, Telstra, also suffered a data breach. Telstra’s CISO has added that no systems have been impacted and no customer data has been involved in the breach so far. This article highlights the attack vectors for both breaches and offers some insights around them.
In an investigation, Optus confirmed that a total of 2.1 million customers had valid or expired ID document numbers exposed to the hackers. Of these 2.1 million customers, 1.2 million had at least one number from a current and valid form of identification compromised, and 900,000 had ID numbers exposed, but from documents that are now expired. The press report stated that “Having worked with government agencies to meticulously analyse the data for the company’s 9.8 million customers, Optus can confirm the exposed information did not contain valid or current document ID numbers for some 7.7 million customers.” Some of the impacted ID holders have already been notified about the next steps; for example, those with a compromised driver’s license can now request a new driver’s license number to prevent identity theft or fraudulent activity. The hacker apologized to Optus and its customers a few days later and claimed to have deleted all of the stolen data under pressure from law enforcement.
Yesterday, the largest telecom provider, Telstra, was the next to go. It stated that the breach was focused on a third-party platform called Work Life NAB, which the company no longer uses, and that the leaked data posted online related to a “now-obsolete Telstra employee rewards program.” Telstra also took to Twitter to confirm the data breach and clarified that the breached data was back-dated, including names and email addresses, with no system impact. Since Optus disclosed on September 22 that a breach of its systems may have compromised the accounts of up to 10 million people, the financial, government, and telecommunications sectors of Australia have been on high alert.
It is understood that the Australian Federal Police (AFP) have arrested a 19-year-old in Sydney for allegedly using leaked Optus customer data for extortion. More specifically, the suspect used 10,200 records leaked last month by the Optus hackers and contacted victims over SMS, threatening that their data would be sold to other hackers unless they paid AUD 2,000 ($1,300) within two days. Home addresses, passport numbers, and driver’s license numbers were among the exposed data. The Optus breach is known to have occurred through an unnoticed vulnerability that was potentially deemed to be ineffective if exploited, but it seems the hackers had something different in mind. These major providers form a huge part of the APAC telecom infrastructure, and the breaches go to show that the weakest links are always going to be the biggest entry points for threat actors to make a dent.