ABC News

What's happening with the Optus data breach? What we know about the alleged hacker's ransom, data release and apology

The fallout from last week's cyber attack on telecommunications giant Optus, which exposed the details of current and former customers, is continuing. 

The leaked information includes dates of birth, names, phone numbers and, in some cases, addresses and drivers licence numbers.

Nearly a week after the attack, we're still trying to get a clear picture of what happened and what it means for affected people. 

Here's the latest. 

Why am I hearing about a hacker making ransom demands?

You might have seen this screenshot from BreachForums floating around — it was being shared on social media this morning:

It features a threat from someone claiming to have the data asking for a ransom of $US1 million ($1.5 million) on Saturday.

The user claims to be selling the data, which includes email addresses, dates of birth, first and last names, phone numbers, drivers' licence and passport numbers.

The red writing underneath shows the supposed hackers threatening to release 10,000 records for every day the ransom is not paid within a week.

The user claimed 10,000 records were published this morning, but people were warned not to click any links in the post. 

Some cyber security experts believe the account is legitimate, but it has not been confirmed by Optus or the Australian Federal Police (AFP).

The ABC has contacted both for a response.

Guardian Australia tech reporter Josh Taylor said he'd seen some of the released files and they looked legitimate. 

"It's got names, date of births, email addresses, postal addresses, phone numbers, Medicare card numbers, passport numbers, drivers licence numbers — it's got everything," he said.

"These are what is used in the 100 points of documentation you need to prove your identity with a lot of corporations."

A few hours later, the user appeared to have apologised:

Here's the full text of that post:

"Too many eyes. We will not sale data to anyone. We cant if we even want to: personally deleted data from drive (Only copy)

"Sorry too 10.200 Australian whos data was leaked.

"Australia will see no gain in fraud, this can be monitored. Maybe for 10.200 Australian but rest of population no. Very sorry to you.

"Deepest apology to Optus for this. Hope all goes well from this

"Optus if your reading we would have reported exploit if you had method to contact. No security mail, no bug bountys, no way too message.

"Ransom not payed but we dont care any more. Was mistake to scrape publish data in first place."

What does the Optus CEO say?

The ABC's Peter Ryan spoke to Optus boss Kelly Bayer Rosmarin about a ransom demand this morning. 

She said she couldn't say much because of the Australian Federal Police investigation, but confirmed the company was aware of the post:

"We have seen that there is a post like that on the dark web and the Australian Federal Police is all over that," she said.

Here's what an AFP spokesperson said about the alleged ransom on Saturday:

"The AFP is aware of reports alleging stolen Optus customer data and credentials may be being sold through a number of forums, including the dark web.

"The AFP is using specialist capability to monitor the dark web and other technologies and will not hesitate to take action against those who are breaking the law."

How will I know if my ID numbers have been stolen?

You should have received an email or text from Optus by now. 

Here's an update from Optus from Monday morning:

"Optus has now sent email or SMS messages to all customers whose ID document numbers, such as licence or passport number, were compromised because of the cyber attack."

What does the Optus email look like?

Here's a screenshot of an email sent to a customer earlier this week:

If I haven't got an email yet, am I in the clear?

Not necessarily. 

As of Monday morning, Optus said it was still in the process of contacting people whose other details, such as email address, have been illegally accessed. 

Optus says its official emails and text messages will not have hyperlinks in them.

If you receive an email or text that looks like it's from Optus and it has a link, do not click that link — it could be a scam. 

Who can I call for help?

The Office of the Australian Information Commissioner (OAIC) says anyone who thinks they're involved should contact Optus in the first instance.

The office said to try the Optus website first before calling the company on 133 937.

The OAIC has more details on steps you can take on its website.

What is Optus doing to help affected people?

It's offering "the most affected current and former customers" a free 12-month subscription to credit monitoring and identity protection service Equifax Protect.

"The most affected customers will be receiving direct communications from Optus over the coming days on how to start their subscription at no cost," the company said on Monday. 

What else can customers do?

IDCare, a not-for-profit charity which describes itself as Australia's national identity and cyber support service, has put out a fact sheet on the breach with advice for victims. However, it says people should consider their personal circumstances.

It recommends the following precautionary proactive responses:

  • Remain vigilant about scams and unsolicited calls, emails and text messages: Look out for any suspicious or unexpected activity across your online accounts and report it to your provider if you see something that doesn't look right
  • Wherever possible, ensure any accounts you have in place are protected with multi-factor authentication
  • Check your free credit reports with Equifax, illion and Experian: IDCare says credit reports allow you to check whether someone has tried to obtain credit in your name. It recommends going through each of the three agencies to ensure nothing's missed, and making sure you're using a device with updated anti-virus protection if you're doing this over email. However, IDCare says that, if an ID theft event has only just happened, it's recommended you wait a week before applying for the credit report
  • Apply for a credit ban: IDCare says this means that credit reporting agencies can't disclose any personal information from your consumer credit file to any credit providers unless they have written consent or are required to do so by law. Again, IDCare recommends going through all three agencies.

Here's where you can go to request a credit history:

And here's where you can request a credit ban:

State governments on Tuesday addressed concerns over leaked drivers licence details, with Queensland, Victoria and New South Wales saying they will work to support those affected who wish to replace their licences.

And, while you're thinking of cyber security, it might be an idea to head to the HaveIBeenPwned website and check to see if your mobile number and email address have appeared in recorded data breaches. 

It's a free site run by Troy Hunt, an Australian cybersecurity expert who keeps a database of known leaked data.
