Alastair MacGibbon: Optus hack victims told to check for criminal actions by cyber security expert

Personal details of nearly 10 million Optus customers are leaked in one of Australia’s biggest cyber attacks ever – here’s what the hackers know about YOU

  • Expert warns Optus hack victims to watch out for criminals impersonating them 
  • Alastair MacGibbon said Optus should be paying for credit monitoring 
  • Nearly 10 million Optus customers had personal details taken in cyber attack
  • Optus is advising customers to check bank accounts for suspicious activity
  • Customers’ payment details have not been compromised in the attack

A cyber-security expert says Optus customers need to watch out for criminals impersonating them online after hackers potentially stole personal details from the entire telco’s client database.

Thursday’s massive cyber breach allowed hackers to access personal details, such as passport and drivers licence numbers, email and home addresses, dates of birth and telephone numbers, of around 10 million Australians. 

Alastair MacGibbon, who is chief strategy officer at cyber-security firm CberCX and a former advisor to the prime minister, says Optus customers should beware.   

Nearly 10 million Optus customers have had their personal details stolen in what is believed to be one of the biggest cyber attacks in Australian history

 Nearly 10 million Optus customers have had their personal details stolen in what is believed to be one of the biggest cyber attacks in Australian history

‘Personal information has been stolen,’ he told the ABC.  

‘A lot of personal information for several million people and slightly less information for about 6 million more.

‘They should be looking for whether criminals are mimicking them, or stealing their identity, trying to obtain credit in their name … etc.’

He said Optus could guard the interests of their customers is by paying for credit monitoring.  

‘That way you will be monitored by credit monitoring services if someone has been using your name and other details to obtain credit,’ Mr MacGibbon said.

Chief strategy officer at cyber-security firm CberCX Alastair MacGibbon has warned Optus customers they could be impersonated by criminals

Chief strategy officer at cyber-security firm CberCX Alastair MacGibbon has warned Optus customers they could be impersonated by criminals

The cyber expert warned the personal information gathered by a large organisation was ‘potentially valuable for criminals’. 

‘If you collect a lot of information it is more valuable so any company that collects a lot of information is at risk of this type of incident occurring,’ he said.

‘It appears this is about customer data being stolen.’ 

Mr MacGibbon said the breach was ‘pretty significant by Australian standards’.  

‘My understanding is that it is about 9 million people that have been impacted so I am going to say that’s probably the Optus database, which is very significant,’ he said.

‘This size is rare but not completely unlikely in a place like Australia.’ 

Mr MacGibbon said that the Optus breach might not be the work of a sophisticated group of hackers

There was one bit of ‘good news’.

‘It’s not great that it’s (information) been stolen or accessed but it seems that their (Optus’s) networks are functioning,’ Mr MacGibbon said.

It remains unclear what the hackers were after at this stage with authorities and the telco still investigating

‘They (Optus) might have already been contacted by criminals,’ he said. 

‘We don’t necessarily know what the motives are.’ 

Despite the scale of the attack Mr MacGibbon did not necessarily think it was the work of master hackers. 

‘It might be a sophisticated criminal group,’ he said.

‘It might be an unsophisticated criminal group, someone might have stumbled across a vulnerability, something Optus hadn’t done that in hindsight it should have done. 

‘From time-to-time nation states have engaged in this type of activity as well.’

Optus chief executive Kelly Rosmarin says the company is working with the Australian Federal Police to investigate the attack

Optus chief executive Kelly Rosmarin says the company is working with the Australian Federal Police to investigate the attack

Optus is now investigating the full extent of information accessed and how much had been stolen as well as how it happened. 

‘Obviously there’s a lot of stakeholder communications including government agencies that they are going to have to answer to on how this occurred,’ Mr MacGibbon said.    

‘They’ll obviously have to report this to the Privacy Commissioner, that legislation has been in place for several years, and they will be working closely with law enforcement agencies and the Australian Cyber-Security Centre.’

After breaching the Optus firewall hackers reportedly stole 2.8 million customers’ passport and drivers licence numbers, email and home addresses, dates of birth and telephone numbers after reportedly exploiting a weakness in the company’s firewall. 

The remaining seven million had their dates of birth, email addresses and phone numbers stolen.

Optus might have employ credit monitors to make sure their customers aren't impersonated by criminals

Optus might have employ credit monitors to make sure their customers aren’t impersonated by criminals

Optus chief executive Kelly Rosmarin said the company was working with the Australian Federal Police to investigate the attack. 

‘We are devastated to discover that we have been subject to a cyberattack that has resulted in the disclosure of our customers’ personal information to someone who shouldn’t see it,’ she said in a statement.

‘As soon as we knew, we took action to block the attack and began an immediate investigation. While not everyone may be affected and our investigation is not yet complete, we want all of our customers to be aware of what has happened as soon as possible so that they can increase their vigilance.

‘We are very sorry and understand customers will be concerned. Please be assured that we are working hard, and engaging with all the relevant authorities and organisations, to help safeguard our customers as much as possible.’

Mobile and home internet, along with messages and voice calls have not been affected

Mobile and home internet, along with messages and voice calls have not been affected

She said customers’ payment details had not been compromised, but advised them to check their bank accounts for suspicious activity.  

‘Optus has also notified key financial institutions about this matter. While we are not aware of customers having suffered any harm, we encourage customers to have heightened awareness across their accounts, including looking out for unusual or fraudulent activity and any notifications which seem odd or suspicious.’

Mobile and home internet, along with messages and voice calls have not been affected. 

Both past and present Optus customers have been impacted. 

Source

Related posts