The Times Australia
The Times World News

.

The 'Optus hacker' claims they've deleted the data. Here's what experts want you to know

  • Written by Jennifer J. Williams, PhD Candidate, Macquarie University
The 'Optus hacker' claims they've deleted the data. Here's what experts want you to know

Shortly after Australian telecommunications company Optus announced the identity data of millions of customers had been stolen, a person claiming to be the hacker announced they would delete the data for US$1 million.

When Optus didn’t pay, the purported hacker published 10,000 stolen records and threatened to release ten thousand more every day until the ransom deadline. These leaked records contained identity information such as driver’s license, passport and Medicare numbers, as well as parliamentary and defense contact information[1].

A few hours after the data drop, the purported hacker unexpectedly apologised[2] and claimed to have deleted the data due to “too many eyes”, suggesting fear of being caught. Optus confirms they did not pay the ransom[3].

They’ve said they deleted the data – now what? Is it over?

Communication from the person claiming to be the hacker and the release of 10,200 records have all occurred on a website dedicated to buying and selling stolen data.

The data they released are now easily available and appear to be legitimate data stolen from Optus (their legitimacy has not been verified by Optus or the Australian Federal Police; the FBI in the United States has now been called in[4] to help the investigation).

The question then is – why would the hacker express remorse and claim to delete the data?

Unfortunately, while the purported hacker did appear to possess the legitimate data, there is no way to verify the deletion. We have to ask: what would the hacker gain from claiming to delete them?

It is likely a copy still remains, and it’s even possible the post is a ploy to convince victims not to worry about their security – to increase the likelihood of successful attacks using the data. There is also no guarantee the data were not already sold to a third party.

What next?

Whatever the motivations of the person claiming to be the hacker, their actions suggest we should continue to expect all records stolen from Optus do remain in malicious hands.

Despite the developments, recommendations still stand[5] – you should still be taking proactive action to protect yourself. These actions are good cyber hygiene practices no matter the circumstances.

Read more: What does the Optus data breach mean for you and how can you protect yourself? A step-by-step guide[6]

An extra measure offered recently is changing your driver’s license number[7], ordering a new passport[8] and Medicare card[9].

However it is unclear at this early stage whether free options to change these documents will be made to all data breach victims, or only a subset of victims.

Can I find out whether my data were part of the 10,200 leaked records?

Reports of people being contacted by scammers[10] suggest they are already being used.

Troy Hunt, the Australian cyber security professional who maintains HaveIBeenPwned[11] – a website you can use to check whether your data are part of a known breach – has announced he will not add the leaked data to the site[12] at this stage. So this method will not be available.

The best course of action in this case is to assume your data may have been released until Optus notifies people in the coming week[13].

Are the released data already being used?

The least technically sophisticated method of targeting Optus customers is to use the details to make direct contact and ask for a ransom. There are reports blackmailers are already targeting breach victims[14] via text message, claiming to have the data and threatening to post it on the dark web unless the victim pays.

The data have already leaked and claims about deleting the data are untrue. Paying anyone who makes these claims will not increase the security of your information.

Data recovery scams – where scammers target victims offering help to remove their data from the dark web or recover any money lost for a fee – have also become prominent[15]. Instead of helping, they steal money or obtain more information from the victim. Anyone who claims to be able to scrub the data from the dark web is claiming to put toothpaste back in the tube. It isn’t possible.

The data could also be used to identify family members to make the “Hi Mum[16]” or family impersonation scam more convincing. This involves scammers posing as a family member or friend from a new phone number, often using WhatsApp, in need of urgent financial help. Anyone receiving this kind of text message should make every effort to contact their family member or friend by other means.

What else can my data be used for?

The scams involved with these data will only grow in the coming days and weeks and may not be confined to the digital world.

Other possible uses involve activities like attempting to take over valuable online accounts or your SIM card, or setting up new financial services and SIM cards in your name. The advice we provided in our previous article[17] applies to these.

Additionally, anyone with reason to be concerned about physical safety if their location is known (for example domestic abuse survivors) should consider the possibility that their names, telephone numbers and address may have leaked or may in the future.

If you have been the victim of fraud or identity theft as a result of this breach or any others, you can contact IDCare[18] for additional aid and Cyber Report[19] to report the crime.

References

  1. ^ parliamentary and defense contact information (www.theguardian.com)
  2. ^ unexpectedly apologised (www.abc.net.au)
  3. ^ did not pay the ransom (www.theguardian.com)
  4. ^ has now been called in (www.afr.com)
  5. ^ recommendations still stand (theconversation.com)
  6. ^ What does the Optus data breach mean for you and how can you protect yourself? A step-by-step guide (theconversation.com)
  7. ^ changing your driver’s license number (www.theguardian.com)
  8. ^ ordering a new passport (www.passports.gov.au)
  9. ^ Medicare card (www.servicesaustralia.gov.au)
  10. ^ people being contacted by scammers (eftm.com)
  11. ^ HaveIBeenPwned (haveibeenpwned.com)
  12. ^ not add the leaked data to the site (twitter.com)
  13. ^ Optus notifies people in the coming week (www.linkedin.com)
  14. ^ already targeting breach victims (www.theguardian.com)
  15. ^ have also become prominent (7news.com.au)
  16. ^ Hi Mum (www.accc.gov.au)
  17. ^ our previous article (theconversation.com)
  18. ^ IDCare (www.idcare.org)
  19. ^ Cyber Report (www.cyber.gov.au)

Read more https://theconversation.com/the-optus-hacker-claims-theyve-deleted-the-data-heres-what-experts-want-you-to-know-191494

Times Magazine

Headless CMS in Digital Twins and 3D Product Experiences

Image by freepik As the metaverse becomes more advanced and accessible, it's clear that multiple sectors will use digital twins and 3D product experiences to visualize, connect, and streamline efforts better. A digital twin is a virtual replica of ...

The Decline of Hyper-Casual: How Mid-Core Mobile Games Took Over in 2025

In recent years, the mobile gaming landscape has undergone a significant transformation, with mid-core mobile games emerging as the dominant force in app stores by 2025. This shift is underpinned by changing user habits and evolving monetization tr...

Understanding ITIL 4 and PRINCE2 Project Management Synergy

Key Highlights ITIL 4 focuses on IT service management, emphasising continual improvement and value creation through modern digital transformation approaches. PRINCE2 project management supports systematic planning and execution of projects wit...

What AI Adoption Means for the Future of Workplace Risk Management

Image by freepik As industrial operations become more complex and fast-paced, the risks faced by workers and employers alike continue to grow. Traditional safety models—reliant on manual oversight, reactive investigations, and standardised checklist...

From Beach Bops to Alpine Anthems: Your Sonos Survival Guide for a Long Weekend Escape

Alright, fellow adventurers and relaxation enthusiasts! So, you've packed your bags, charged your devices, and mentally prepared for that glorious King's Birthday long weekend. But hold on, are you really ready? Because a true long weekend warrior kn...

Effective Commercial Pest Control Solutions for a Safer Workplace

Keeping a workplace clean, safe, and free from pests is essential for maintaining productivity, protecting employee health, and upholding a company's reputation. Pests pose health risks, can cause structural damage, and can lead to serious legal an...

The Times Features

The Role of Your GP in Creating a Chronic Disease Management Plan That Works

Living with a long-term condition, whether that is diabetes, asthma, arthritis or heart disease, means making hundreds of small decisions every day. You plan your diet against m...

Troubleshooting Flickering Lights: A Comprehensive Guide for Homeowners

Image by rawpixel.com on Freepik Effectively addressing flickering lights in your home is more than just a matter of convenience; it's a pivotal aspect of both home safety and en...

My shins hurt after running. Could it be shin splints?

If you’ve started running for the first time, started again after a break, or your workout is more intense, you might have felt it. A dull, nagging ache down your shins after...

Metal Roof Replacement Cost Per Square Metre in 2025: A Comprehensive Guide for Australian Homeowners

In recent years, the trend of installing metal roofs has surged across Australia. With their reputation for being both robust and visually appealing, it's easy to understand thei...

Why You’re Always Adjusting Your Bra — and What to Do Instead

Image by freepik It starts with a gentle tug, then a subtle shift, and before you know it, you're adjusting your bra again — in the middle of work, at dinner, even on the couch. I...

How to Tell If Your Eyes Are Working Harder Than They Should Be

Image by freepik Most of us take our vision for granted—until it starts to let us down. Whether it's squinting at your phone, rubbing your eyes at the end of the day, or feeling ...