Government Services Minister Bill Shorten says extent of leaked Medicare details still not revealed

Optus dismissed the criticism, saying it was seeking advice regarding clients whose documents had since expired.

The leak of over 10,000 individual details as part of an Optus ransom attempt included over 3,200 driver’s licenses, 151 foreign passports, 110 passports, 55 health insurance cards, 55 proof of identity cards. age, 41 photo cards and 31 learner drivers. ‘ licenses.

Optus revealed that more than 37,000 health insurance numbers were exposed in the data breach – about 15,000 are active.

Optus last week gave in to demands from Prime Minister Anthony Albanese to cover the cost of new passports, adding to the company’s rising costs after it agreed to reimburse replacement driving licenses.

Ms O’Neil, who dismissed the company’s claims that the breach was a sophisticated cyberattack, said Optus should communicate clearly to the government and its customers the exact information that was taken.

She said emails to the 10,200 people whose data was published online were insufficient. This group has been advised to urgently update their information.

“Advice from the Australian Government is that if you have been told that you are subject to this particular part of the breach, you should immediately proceed with the cancellation of the relevant identity cards, the cancellation of your passport and do whatever is necessary to make sure you are getting new identity documents,” she said.

“Transparency and accountability are paramount here. It is crucial that everyone who has been affected by this breach is properly informed.

“We’re going to have to go through a process of direct conversation with those 10,200 people.”

In a statement provided to The Australian Financial Review On Sunday, Optus said it was seeking additional guidance regarding certain customers.

“We have worked closely with federal, state and territorial government agencies to determine which customers are required to take action,” a spokesperson said.

“We continue to seek further advice on the status of customers whose details have since expired. Once we receive this information, we can notify these customers. »

The Australian Federal Police have launched two investigations into the breach and are receiving assistance from overseas law enforcement agencies, including the FBI.

States are unclear on the scale of violations

State and territory governments complained last week that Optus had yet to provide details on the extent of lost driver’s licenses. He agreed to reimburse the cost of the new licenses, but car registries and call centers said they were overwhelmed with anxious customers.

In Queensland, 7,000 requests for a replacement license number were processed on the first day of publicity about the data breach, compared to a usual average of 30 per week.

Opposition cybersecurity critic James Paterson expressed concern for the government and Optus appeared to disagree over the breach.

“It is frankly alarming that the relationship between Optus and the government has deteriorated to such an extent that two ministers are due to give a press conference on Sunday morning to demand data which the company should have made available quickly,” he said. . Financial analysis.

“Optus customers just want to know that the company and the government are working together to do everything possible to protect them.”

On Sunday, the Coalition offered to work constructively with any Labor Party initiative to toughen legislative requirements or increase fines for companies that fail to adequately protect customer data.

Attorney General Mark Dreyfus said the breach was a wake-up call for Australian businesses and suggested privacy law could be updated before the end of the year, including new ones. severe penalties for violations.

“This appears to have been the case with Optus retaining very personal data of customers who ceased to be customers years ago and I have yet to hear the reason why this was happening,” he said. he told ABC.

Optus entered into binding undertakings with the Australian Privacy Commissioner in 2015, after it was revealed that the company was responsible for a series of data breaches between 2008 and 2014, affecting up to 400,000 people.

Customers using voicemail and modem services were affected, and Optus incorrectly posted hidden phone numbers in public online directories.

The company was criticized for its lack of security and failure to detect incidents, and agreed to an external audit and the implementation of improved security settings.

Ashley C. Reynolds