The sensitive details of 10,000 Australian customers were reportedly leaked by the hackers behind Optus’ massive data breach last week.
Information obtained illegally includes passport and driver’s license numbers, dates of birth and home addresses, according to cybersecurity researcher and writer Jeremy Kirk of ISMG Corp.
Mr. Kirk, who says he was in contact with those responsible for the attack on the phone company, said they were also threatening to release the same number of documents every day until a $ 1.5 million ransom was paid.
“Bad news. The Optus hacker has released 10,000 customer records and claims a batch of 10,000 will be released every day for the next four days if Optus doesn’t give in to the extortion request,” he tweeted Tuesday morning.
Government Services Minister Bill Shorten said Optus needed to do better.
“From what I’ve been told, Optus hasn’t done enough … to protect its customers and their follow-up needs to be much more diligent,” he told Nine Network’s Today.
“I think the time has come for … a major overhaul of the way our data is held by large corporations.
“We are doing everything we can to arrest hackers, but there is no doubt that the company’s defenses were, as I have been told, insufficient.”
Mr. Shorten said the hack has raised questions about how much personal data large companies should keep and for how long.
Interior Minister Clare O’Neil told ABC on Monday that the attack was not “sophisticated”.
A federal police investigation was opened into the data breach, which affected 9.8 million Australians.
Operation Hurricane was set up by the AFP to identify the perpetrators of the breach, as well as to prevent the impersonation of those involved.
Deputy Commissioner for Cyber Command Justine Gough said investigating the source of the data breach would be complex.
The task force will work with the Australian Directorate of Signals, Overseas Police and Optus.
Opposition cybersecurity spokesman James Paterson told Sky News that the government has some responsibilities and called its response to the hack “slow.”
Slater and Gordon Lawyers are investigating whether to initiate a class action lawsuit against Optus on behalf of current and former clients.
Class action senior partner Ben Zocco said the leaked information poses a risk to vulnerable people, including survivors of domestic violence and victims of harassment.
Ms. O’Neil launched a ferocious attack on Optus in parliament on Monday.
He said the responsibility rested solely with the telecom giant and the government was looking for ways to mitigate the fallout.
The minister called on the telecom company to provide free credit monitoring to past and current customers whose data was stolen during the breach.
Optus has announced that it will provide its most affected current and former customers with a free 12-month subscription to Equifax Protect for credit monitoring.
Payment details and account passwords were not compromised.