September 29, 2022
PRESSURE is mounting on Optus to pay for the replacement of Australian passports, with the federal government demanding the telco urgently confirm it will cover the fees.
A letter to Optus CEO Kelly Bayer Rosmarin from Foreign Affairs Minister Penny Wong on Wednesday warns affected customers are at risk of fraud and identity theft and may choose to replace their travel document.
“There is no justification for these Australians – or for taxpayers more broadly on their behalf – to bear the cost of obtaining a new passport,” Senator Wong wrote.
It comes as the widespread ramifications of the data breach affecting almost 10 million Australians continued to be revealed, with Health Minister Mark Butler saying it took five days to be notified that people’s Medicare details were among the lost data.
Late on Wednesday Optus said that of the 9.8 million customer records exposed, 14,900 included valid Medicare ID numbers that had not yet expired. Another 22,000 expired Medicare numbers were also accessed.
“All of the customers who have a Medicare card that is not expired will be contacted within 24 hours,” a spokesman said, adding they would also contact those who had expired numbers out of an “abundance of caution”.
Those affected are able to seek a new card via Services Australia. But Mr Butler said the government was “concerned” that it and consumers weren’t notified earlier. A second class action is also brewing, with law firm Maurice Blackburn announcing it was investigating a claim and whether customers were entitled to compensation.
Tens of thousands of current and former Optus customers have registered with Slater and Gordon after it revealed it was looking into a class action.
“The customers impacted by the latest breach will understandably be feeling letdown by Optus and vulnerable as a result of this latest blunder, especially those whose data was compromised back in 2019,” Maurice Blackburn principal lawyer Vavaa Mawuli said.
“It is very disappointing that Optus still seems unable to put in place effective safeguards to protect its customers’ information.”
Daniel Andrews on Wednesday apologised to Victorians for any delays experienced while trying to obtain new licences from VicRoads following the Optus hack. The Victorian Premier asked those affected to be patient, saying VicRoads staff were doing their best to provide support.
“We’re not going to be seeking (payment) from ordinary Victorians who have been impacted by this,” Mr Andrews said. “In terms of additional costs that we will have incurred, we will have a conversation with Optus.
“Who knows what that private company’s view will be – I dare say that they will be unlikely to provide us with the funding to clean up their mess – that’s usually the way private companies operate.”
Treasurer Jim Chalmers said the government had been holding high-level talks with banks, financial regulators and the Reserve Bank of Australia to examine options to limit the harm caused by the cyber attack.
This could include major banks receiving the names of affected Australians so they can be on alert for any suspicious activity. But concerns that sharing the information could breach privacy laws is leading to a holdup.
The government is also considering what other regulatory levers can be pulled, with a review that will investigate if any legislative changes will be needed in future.
But the Coalition has slammed the government for its “slow action”.
Opposition cyber security spokesman James Paterson said it was increasing stress and confusion for those affected, adding there was no certainty for people seeking to replace their passports.
“Immediate action should be taken to guarantee victims the opportunity to obtain anew passport now without charge, while terms to cover costs are negotiated with Optus,” Senator Paterson said. Fowler MP Dai Le has called on Optus to allow customers to exit their contracts without facing financial penalty. Ms Le said Australians who signed up to a mobile contract trusting their data to be adequately protected, and Optus “must respect customers‘ desire to exit their contracts when trust is lost”. But leading cybersecurity expert Susan McLean warned no business was immune from having data stolen by hackers.
