<p>The Australian Securities & Investments Commission (ASIC) sent an email to Australian financial market intermediaries, including brokers, warning them of the risks of possible “identity theft and fraud” amid the Optus data breach.</p>
<p>A copy of the email seen by Finance Magnates asked the market intermediaries to be “extra vigilant in verifying and managing customers’ personal information.”</p>
<p>Finance Magnates also reached out to multiple brokers to ask about their preparedness following the <a href="https://www.financemagnates.com/tag/asic/" target="_blank">ASIC</a> warning; however, at least one confirmed that it did not receive ASIC’s email.</p>
<p>A Massive Data Breach</p>
<p>Optus is the second largest telecom service provider in Australia. The company created a stir in the country earlier this week after revealing that the <a href="https://www.optus.com.au/about/media-centre/media-releases/2022/09/optus-notifies-customers-of-cyberattack" target="_blank" rel="nofollow">personal data of up to 10 million customers</a> was compromised, including home addresses, drivers’ licenses, and passport numbers.</p>
<p>It was the largest data breach by scale in <a href="https://www.financemagnates.com/tag/australia/" target="_blank">Australia</a>.</p>
<blockquote class="twitter-tweet"><p lang="en" dir="ltr">This wasn’t a “hack”. Optus literally left the door wide open. The perp simply used a connection that wasn’t password protected to download the data. THAT’S a bigger story than a hack. Optus are culpable because the data was exposed and unprotected. It wasn’t hacked.</p>— 𝗝𝗮𝘀𝗼𝗻 𝗝𝗼𝗿𝗱𝗮𝗻 (@jasonjordan) <a href="https://twitter.com/jasonjordan/status/1574562847623090176?ref_src=twsrc%5Etfw">September 27, 2022</a></blockquote>
<p>The hacker initially asked for $1 million as ransom from the company and threatened to publish the data of 10,000 Optus customers every day until the money was received.
However, an anonymous online account claiming to be the hacker recently dropped the ransom demand and gave assurances that the compromised data had been deleted.</p>
<p>“At this stage, it appears that the data breach is limited to retail customers (and potentially small businesses) while enterprise accounts do not appear to be impacted,” ASIC’s email stated.</p>
<p>“The email from <a href="https://www.financemagnates.com/terms/a/asic/" target="_blank" id="dfb41d67-b79e-4b09-b365-1f341b85a51b_5" class="terms__main-term">ASIC</a> is very prudent given the scale of the Optus data breach,” Sophie Gerber, founder and Co-CEO of TRAction, told Finance Magnates. “Although it has been sent to a subset of AFSL holders, really it applies equally to all businesses that deal with Australians regardless of whether they are in financial services.”</p>
<p>“Although it has been claimed that the hacked data has now been deleted, there is no doubt a level of skepticism given the nature of the party involved.”</p>
<p>Indeed, Optus also agreed to bear the multimillion-dollar cost of changing the driver’s license numbers of Australians affected by the data breach.</p>
<p>Earlier, ASIC also clarified that it expects all regulated market participants to “<a href="v" target="_blank" rel="nofollow">address cyber risk</a> as part of their AFS license <a href="https://www.financemagnates.com/terms/o/obligations/" target="_blank" id="5dbcbf88-8622-4828-a29c-70a680d32fb5_1" class="terms__secondary-term">obligations</a>.” However, the regulator does not recommend any technical standards or expert guidance as a part of the Australian Financial Services license requirements.</p>
<p>“ASIC has issued quite a number of media releases about cybersecurity and combined with the RI Advice, they show the level of scrutiny being applied to these issues.
AFSL holders should be taking active steps to actively manage their cybersecurity and identity verification processes, staying on top of all developments and adapting accordingly,” Gerber added.</p>
This article was written by Arnab Shome at www.financemagnates.com.