An online account that claims to have Optus customer data says it has released 10,000 records and will publish more unless the telecommunications company pays a ransom.
Some cyber security experts believe the account is legitimate, but it has not been confirmed by Optus or the Australian Federal Police. Last week, the same online account claimed to be selling stolen records, which included email addresses, dates of birth, first and last names, phone numbers, drivers license, and passport numbers.
The AFP said they were monitoring the dark web and internet forums at the time, but they have refused to comment on these latest posts.
Kelly Bayer Rosmarin, Chief Executive, told ABC's AM on Tuesday that there was a lot of misinformation about the breach.
Asked about a post last week by a user who claimed to be selling the data, she said: We have seen that there is a post like that on the dark web and the Australian Federal Police is all over that. Ms Bayer Rosmarin said that they were not the villains in the situation and that customers should be on high alert.
Optus said that it had been advised by the police not to give a number for how many customers had been affected, and that it had contacted all those whose information was compromised in the attack.
Customers dating back to 2017 could be at risk of identity theft.
On Monday, Home Affairs Minister Clare O'Neil accused the company of leaving customers' data vulnerable to a basic hack, which Optus denied.