Date: 2022-09-25

The mystery hacker who claims to have stolen the personal information of millions of Optus customers has demanded a $1.5 million ransom as outraged Australians rage against the telco for failing to protect their data.

The hacker has warned that personal addresses, dates of birth, phone numbers, driver’s licenses and passport details of millions will be leaked if Optus does not pay US$1 million (AU$1.53 million) in the cryptocurrency Monero.

They claim to have accessed the details of 11.2 million Optus customers in a major breach that technical experts currently believe is legitimate.

The ransom demand appeared on an online forum on Saturday morning, where the hackers warned the telco that it had a week to respond.

‘Optus if you’re reading! price for us not to sell data is 1,000,000$US We give you 1 week to decide,’ read part of the message.

The warning comes as Optus customers take to social media to vent their frustration, with CEO and parenting educator Dannielle Miller just one of the millions of people who say the company’s response has been ‘inadequate’.

Ms Miller told Daily Mail Australia she has been an Optus customer for 30 years and expected more from the telco after decades of loyalty.

She said the apology from Optus boss Kelly Bayer Rosmarin ‘missed the mark’.

‘The CEO referred to Optus as a victim of cyber-hacking. It’s not them who have had their personal information hacked – the customers are the victims,’ she said.

‘It is difficult to hear them cry as a victim when it is clear that they have been very weak.’

Ms Miller said she intended to close Optus accounts belonging to herself, her daughter and her employees and plans to advise them to switch operators.

She said customers who may be forced to change details such as their license number must be compensated by Optus for any costs incurred.

“Personally, I’m not looking for compensation, what matters to me is peace of mind and security of my data,” she said, adding that customers should be prioritized.

On Friday morning, Bayer Rosmarin issued an emotional apology to the millions of Optus customers whose details had been compromised.

She confirmed payment details and account passwords were protected, but admitted she felt ‘terrible’ that the breach had happened on her watch.

“I think it’s a mix of a lot of different emotions,” she said, looking dejected.

“Obviously I’m angry that there are people out there who want to do this to our customers, I’m disappointed that we couldn’t have prevented it.

‘I am very sorry and apologise. It shouldn’t have happened.’

The telco has received criticism for its handling of the major breach, with customers frustrated that it took three days for Optus to start contacting them personally.

The company said ‘proactive personalized messages’ will be sent to those it believes are at ‘high risk’ of being involved, and earlier this week it said the most ‘effective’ way to get information to customers was through the media.

The company came under fire this week after it revealed it had a massive data breach in which the personal details of 9.8 million customers dating back to 2017 were stolen.

Customers from as far back as 2017 may be affected by the hack, as Optus stores customer verification information for six years.

Data exposed in the cyber attack included names, addresses, dates of birth, telephone numbers, driver’s licenses and passport details.

In an alarming twist, the Australian Federal Police are investigating reports that stolen customer data and identification numbers may be for sale through forums, including the dark web.

“The AFP uses specialist capabilities to monitor the dark web and other technologies and will not hesitate to take action against those who break the law,” it said.

Anyone who buys stolen credentials faces up to 10 years in prison.

Optus said it would not be able to comment on some aspects of the case as the AFP was investigating.

But the company said it would reach out to those who had their details compromised in a statement released on Saturday.

“Optus will contact customers to advise them of the impact, if any, of the cyber attack on their personal details,” it said.

‘We start with the customers whose ID document number may have been compromised – all of whom are notified per [Saturday].’

Optus customers whose passport or driver’s license numbers were stolen in the massive data breach are being contacted first.

“We will notify unaffected customers last,” the statement read.

The security hack raised questions about how long telcos should keep data and the compensation customers should receive when these breaches occur.

It was revealed that Optus objected to potential changes to the law in 2020 which would have given customers the right to destroy their own data.

The company said there were “significant hurdles and costs” to get a system up and running.

The Morrison government launched a review of the country’s privacy law, with the Attorney-General’s Department conducting an inquiry into whether Australians should have the choice to delete their personal data.

Another change that was put on the table was to give users the right to take direct legal action when their information was breached.

Optus rejected both changes.

On Thursday, Optus warned that the cyber attack could trigger a rush of scams from criminals, including phishing calls, emails and text messages.

It said its text messages or emails to customers will not carry internet links, so if someone was sent a link it could be a scam.

“Please do not click on any links,” Optus said in a statement on Saturday.

“As the cyber attack is now under investigation by the Australian Federal Police, Optus cannot comment on certain aspects of the incident,” it said.

“Given the investigation, Optus will not comment on the legitimacy of customer data claimed to be held by third parties and urges all customers to exercise caution in their online transactions and dealings.”

Optus’ CEO has revealed that the IP addresses linked to the hackers were moved around various European countries and that it was a ‘sophisticated’ breach.

Ms Bayer Rosmarin added that it was too early to say whether a criminal organization or another state was responsible for the attack.

The data potentially stolen dates back to 2017.

She said the reported figure of 9.8 million people who had their data breached was the ‘worst case scenario’ and Optus expected the number to be much lower.

Optus vice president Andrew Sheridan has said human error was not to blame for the breach.

Optus has been contacted for comment by Daily Mail Australia.