Opposition cyber security spokesman James Paterson joined the chorus of criticism on Tuesday, calling on Bayer Rosmarin to resign if the public had been misled on the company's reaction to the breach.
Home Affairs Minister Clare O'Neil, who on Monday described the attack on Optus' network as being anything but sophisticated — as Bayer Rosmarin had claimed — expressed concern on Tuesday about reports that Medicare details had been leaked in the data that was made public.
The #Optus hacker. https://t.co/S87A55w22z pic.twitter.com/kQ7srYcOmK
— Brett Callow (@BrettCallow) September 27, 2022
Paterson told The Age: “The federal government and Optus must publicly clarify the facts about this hack, because if the Optus CEO has misled the public about sophistication of the attack, or the encryption of the data or its protection, as the minister has implied in her comments, then Ms Bayer Rosmarin position’s is clearly untenable.”
|
|
In the email sent to those affected, Optus said: "The information which has been exposed is your name, date of birth, email associated with your former account, and the number of the ID document you provided such as drivers licence or passport number. No copies of photo IDs have been affected."
What happened at Optus wasn't a sophisticated attack.
— Clare O'Neil MP (@ClareONeilMP) September 26, 2022
We should not have a telecommunications provider in this country that has effectively left the window open for data of this nature to be stolen.#abc730 pic.twitter.com/KamkiapcZl
Apart from claiming on Friday that the attack was a sophisticated one, Bayer Rosmarin claimed on Tuesday that all the data had been encrypted. She did not detail how the attacker had managed to break this encryption as all the leaked data was in a plain text file.
In 2019, Optus obtained an exemption from the Coalition Government from a requirement to encrypt all metadata collected as part of Australia’s data retention regime.
The attacker appears to have been spooked by all the attention and claimed to have deleted the data in his/her possession, after first releasing the details of 10,000 users and threatening to keep making an equal number visible each day for the next five days.
Meanwhile, the authorities in South Australia, Victoria, NSW and Queensland have said that any licences which were exposed would be replaced, with the plan being for Optus to pick up the bill.
