Optus Hack: ASIC Warns Market Intermediaries against Possible 'Fraud'

by Arnab Shome
  • Personal details of up to 10 million Optus customers were stolen.
  • Interestingly, the hacker assured deletion of the compromised data.

The Australian Securities & Investments Commission (ASIC) sent an email warning Aussie financial market intermediaries, including brokers, of the risks of possible “identity theft and fraud” amid the Optus data breach.

A copy of the email seen by Finance Magnates asked the market intermediaries to be “extra vigilant in verifying and managing customers’ personal information.”

Finance Magnates also reached out to multiple brokers to ask about their preparedness in light of the ASIC warning. However, at least one broker confirmed that it did not receive ASIC’s email.

A Massive Data Breach

Optus is the second largest telecom service provider in Australia. The company created a stir in the country earlier this week after revealing that the personal data of up to 10 million customers was compromised, including home addresses, drivers' licenses and passport numbers.

It was the largest data breach by scale in Australia.

The hacker initially asked for $1 million as ransom from the company and threatened to publish the data of 10,000 Optus customers every day until the money was received. However, an anonymous online account claiming to be the hacker recently dropped the ransom demand and has given assurances of the deletion of the compromised data.

“At this stage, it appears that the data breach is limited to retail customers (and potentially small businesses) while enterprise accounts do not appear to be impacted,” ASIC’s email stated.

Sophie Gerber, TRAction Fintech

“The email from ASIC is very prudent given the scale of the Optus data breach,” Sophie Gerber, the Founder and Co-CEO of TRAction, told Finance Magnates. “Although it has been sent to a subset of AFSL holders, really it applies equally to all businesses that deal with Australians regardless of whether they are in financial services.”

“Although it has been claimed that the hacked data has now been deleted, there is no doubt a level of skepticism given the nature of the party involved.”

Indeed, Optus also agreed to bear the multimillion-dollar cost of changing the driver’s license numbers of Australians affected by the data breach.

Earlier, ASIC clarified that it expects all regulated market participants to “address cyber risk as part of their AFS license obligations.” However, the regulator does not recommend any technical standards or expert guidance as a part of the Australian Financial Services license requirements.

“ASIC has issued quite a number of media releases about cybersecurity and combined with the RI Advice, they show the level of scrutiny being applied to these issues. AFSL holders should be taking active steps to actively manage their cybersecurity and identity verification processes, staying on top of all developments and adapting accordingly,” Gerber added.
