The Australian government has blamed Optus itself for the security breach at Optus Telecommunications. The government also announced an overhaul of data protection rules and increased fines, claiming that the company had actively encouraged hackers to steal data and accused them of concealing the seriousness of the breach.
Clare O’Neil, Australia’s Minister for Cybersecurity, said the findings suggested that government health insurance identification numbers were compromised and offered free of charge and for ransom. Furthermore, consumers have a right to know what personal information has been compromised.
Optus chief executive Kelly Bayer said there was a lot of misinformation, but Optus has informed authorities who have been working with law enforcement agencies, including the FBI, to find the perpetrators.
She went on to say that most customers understand that Optus is not the villain and that the company has done nothing intentionally to compromise the data because its data is encrypted and there are multiple players to protect it. She stressed that the company lacked a fully exposed API (application programming interface) that allows two or more computer programs to communicate with each other.
Despite reports in Australian media that the hackers have backed away from their $1 million ransom demand in cryptocurrency for not releasing sensitive data, Australia’s Council of Financial Regulators, which includes the central bank, has said its members have cooperated in response to the cyberattack.
The sources for this piece include an article in Reuters.