Optus will pay to replace passports of Australians caught up in a major cyber attack that saw the telco lose personal information for millions of current and former customers.
Prime Minister Anthony Albanese confirmed the telco would cough up after demands from the Federal Government.
“Optus have responded to the request that I made both in the parliament and that Senator Wong made in writing to Optus … they will cover the costs of replacing affected customers’ passports,” he told reporters after a meeting of national cabinet.
“I think that’s entirely appropriate. I find it extraordinary that the Federal Opposition called upon taxpayers to foot the bill.”
On Wednesday, Foreign Minister Penny Wong asked for confirmation from Optus’ chief executive that the company would cover the costs of new passports.
A replacement passport costs $193.
Prime Minister Anthony Albanese has confirmed that Optus will ‘foot the bill’ for the cost of replacement passports. Picture: NCA NewsWire / Gary Ramage
“There is no justification for these Australians – or for taxpayers more broadly on their behalf – to bear the cost of obtaining a new passport,” she wrote in a letter to the telco.
Anthony Albanese, who met with chief Kelly Bayer Rosmarin on Saturday, revealed on Thursday that the company had yet to respond to the government’s demand.
“The taxpayers shouldn’t pay for this. Our view is very clear. We’ll continue to pursue that view,” the Prime Minister told 5AA radio.
The announcement was made shortly after the Australian Federal Police bolstered their response to the breach, with a focus on protecting those who have already had 100 points of identification exposed online.
Almost 10 million Australians were impacted in the hack, which exposed personal details such as their full name and address, as well as passports, drivers licence and Medicare numbers.
AFP Assistant Commissioner Cyber Command Justine Gough addressed the media on Friday to provide an update into the ongoing investigation into the data breach.
She said identifying the hacker was going to be a “long and complex” process and that police are focused on protecting those whose data has already been breached.
The data hack impacted almost 10 million customers. Picture: NCA NewsWire / Nicki Connolly
A post on an online forum on Tuesday advertising the sale of 10,000 peoples data has since been removed but the AFP have warned other criminals may have access to some, or all, of the data.
These 10,000 individuals, who potentially had 100 points of identification released online will be prioritised in police efforts.
Operation Guardian this been launched to “supercharge” the protection of all customers impacted by the breach.
It is a joint partnership between law enforcement, the private sector and industry which will work to identify those impacted. monitor the dark web for criminals, and engage with the financial services to detect criminal activity linked to the data breach.
“Cyber crime is the break-and-enter of the 21st century and we encourage all Australians to be extra vigilant about their online security at this time,” Assistant Commissioner Gough said.
“The 10,000 individuals who potentially had 100 points of identification released online will be prioritised.”
She said the AFP was collaborating with international law enforcement, including the FBI.
AFP launch Operation Guardian to boost protection of hack victims. Picture: NCA NewsWire / Nicki Connolly
“We are talking about a type of crime that is borderless.”
The AFP will also engage with the financial services industry to detect criminal activity associated with the breach.
The AFP have confirmed Optus is co-operating with police.
Optus confirmed this week that the Medicare ID numbers of 36,900 Australians were exposed – including almost 15,000 that were still valid.
The telecommunications giant said they would contact all of those impacted within 24 hours.
The federal government has said it is “furious” that Optus took five days to notify them of the breach of Medicare data and has promised to reassess its data and privacy laws urgently.
Attorney-General Mark Dreyfus raised concerns about why Optus was keeping the data of customers – and former customers – for somany years.
“If a company says we need to see your driver’s licence or we need to see your passport number for the purpose of establishing that you are who you say you are, that should be the end – one might think – of the company keeping all that data,” Mr Dreyfus said.
Impacted customers have been lining up to get replacement passports after the breach. Picture: Liam Kidston
On Thursday it was revealed that the hack may also affect the customers of Optus subsidiaries such as Gomo, Dodo, and iiNet.
A spokeswoman for Amaysim told NCA NewsWire their customers were not affected.
Virgin Mobile was also included on the list – though they shut down in 2018.
There are reports that sophisticated scammers are contacting Optus customers via phone, email and text to get further personal information from the victims of the breach.
What do if you think you’ve been hacked:
Look out for any suspicious or unexpected activity across your online accounts, including your telco, bank and utilities accounts. Make sure to report any suspicious activity in your bank account immediately to your financial institution;
Do not click on any links in any email or SMS claiming to be from Optus.
If someone calls claiming to be from Optus, police, bank or another organisation and offers to help you with the data breach, consider hanging up and contacting the organisation on its official contact details. This can be a scammer calling using your personal information.
Never click on any links that look suspicious and never provide your passwords, your bank’s one time pins, or any personal or financial information.
If people call posing as a credible organisation and request access to your computer, always say no.
- Madeleine Achenza, news.com.au
Take your Radio, Podcasts and Music with you