The news is from Australia.
About 40% of Australia's population had personal data stolen in a cyber- attack last week.
It may be the worst data breech in Australia's history, according to some experts.
There have been more dramatic and messy developments this week, including extortion threats, tense public exchanges and scrutiny over whether this was a hack at all.
Questions about how Australia handles data and privacy have been raised.
About a day after it noticed suspicious activity on its network, the subsidiary of Singapore Telecommunications went public with the incident.
The names, birthdates, phone numbers, email addresses, passport numbers, and driving licence numbers of current and former customers have been stolen. Payment details and account passwords were not altered.
More than two million people have their passport or licence numbers taken and they are at a high risk of identity theft.
The company told police, financial institutions, and government regulators about the incident. Local media reported that the incident appeared to have originated overseas.
The CEO of the company apologized and said the company has very strong security.
"Obviously, I am angry that there are people out there that want to do this to our customers, and I'm disappointed that we couldn't have stopped it," she said.
Early on Saturday, an internet user published data samples on an online forum and demanded a Ransom of $1m (A$ 1.5m; £938,000).
The company had a week to pay or the data would be sold in batches.
Some experts said the sample data appeared to be legitimate, even though investigators are yet to verify the user's claims.
The purported hacker gave Jeremy Kirk a detailed explanation of how they stole the data, according to Jeremy Kirk.
The user said that they puled the data from a free software interface.
They said that the internet was open for anyone to use.
On Tuesday, the person claiming to be the hacker released 10,000 customer records and repeated the deadline for payment.
The user apologized and deleted the data sets that had been posted.
It's too much eyes. They said they wouldn't sell data to anyone. I would like to apologize to Optus for this. Hope everything works out well from this.
The company denied that it had paid the extortion.
Others on the forum continued to distribute the data sets despite the fact that they had been deleted.
Medicare details, government identification numbers that could provide access to medical records, have also been stolen.
The company said this had affected over 30,000 Medicare cards.
Since last week, the company has been receiving angry messages.
People have been warned to look out for signs of identity theft and for opportunists who are already cashing in on the confusion.
There is a chance of a class-action lawsuit against the company. "This is possibly the most serious privacy violation in Australian history, both in terms of the number of affected people and the nature of the information disclosed," said Ben Zocco from Slater and Gordon Lawyers
The government blamed it on the fact that it left the window open for sensitive data to be stolen.
"You certainly don't seem to be buying the line from Optus that this was a sophisticated attack?" was the question that was posed to the Cyber Security Minister on Monday.
It was not. Ms O'Neil said so no. There was a lot of attention online.
What happened at Optus wasn't a sophisticated attack.
We should not have a telecommunications provider in this country that has effectively left the window open for data of this nature to be stolen.#abc730 pic.twitter.com/KamkiapcZl
All Rights Reserved © 2024
