Optus Updates Data, Says 2.1 Million Australian ID Documents Exposed After Massive Data Breach

Optus Updates Data, Says 2.1 Million Australian ID Documents Exposed After Massive Data Breach
General view of an Optus store in Sydney, Australia, on Sept. 22, 2022. (AAP Image/Bianca De Marchi)
Alfred Bui
10/4/2022
Updated:
10/4/2022

Australian telco giant Optus has confirmed that the ID documents of over 2.1 million customers have been exposed following the recent cyberattack.

Among those documents are 1.2 million current driver’s licence numbers and an additional 900,000 expired ones.

The company also noted that the stolen data did not contain valid or current document ID numbers of about 7.7 million individuals or organisations.

In addition, Optus said it was contacting affected customers to inform them what ID documents had been exposed.

“Optus has sent an email or SMS to the customers that have had current ID documents compromised in the cyber attack, advising that details from their ID documents have been compromised and what they should do,” the company said in a statement.

Optus Announces Independent Review of the Cyberattack

After confirming the extent of the data breach, Optus announced that the company would conduct an independent, external review of the circumstances surrounding the cyberattack, with the company engaging the international professional services firm Deloitte to review its security systems, controls and processes.

Optus CEO Kelly Bayer Rosmarin, who has been criticised for the way the telco has dealt with the aftermath of the data breach, said Optus was committed to regaining trust from its customers and that the review would assist that process.

“We’re deeply sorry that this has happened, and we recognise the significant concern it has caused many people,” she said in a statement.

She also noted that the review would help the company find out how it was attacked and ensure that the incident would not occur again.

The apology from the Optus CEO comes as the federal government criticised the telco for its approach to the hack with cabinet minister Tanya Plibersek saying Optus was on time when sending bills to customers, but so far, it had not told them whether their personal details had been stolen.

“One of the real problems is the lack of communication by Optus, both with its customers and the government,” she told the Seven Network.

“It’s extraordinary we don’t have any Medicare numbers or Centrelink numbers that may have been compromised.”

Former Australian Minister for Home Affairs Karen Andrews speaks during a press conference in Sydney, Australia, on June 8, 2021. (Mark Evans/Getty Images)
Former Australian Minister for Home Affairs Karen Andrews speaks during a press conference in Sydney, Australia, on June 8, 2021. (Mark Evans/Getty Images)

Meanwhile, former home affairs minister Karen Andrews criticised the federal government’s response to the cyberattack.

While she did not exonerate Optus from its role in the data breach, Andrews said the government had “failed quite dismally” in its response.

On the government’s side, Cyber Security Minister Clare O'Neil said Optus needed to be honest about the stolen data as the government did not know how many passport numbers were exposed.

At the same time, she criticised the former Morrison government, saying the laws it introduced to protect Australia’s critical infrastructure from cyberattacks were “absolutely useless.”

Optus Hands Over Data

In a recent development, Optus has handed over its data to the government nearly a fortnight after it announced the massive data breach.

Government Services Minister Bill Shorten said his department had received the data and was assessing it.

“We shouldn’t have to play hide and seek and wait to day 13 to get material,” he told reporters.

“What it’s about is the horses bolted. We’re trying to close the gate.

“All I’m motivated by is to get the information, so I can stop hackers from hacking into government data and further compromising people’s privacy.”

This comes as Optus has released revised data about the hack, which it now estimates saw up to 50,000 Medicare records stolen and and 150,000 customers’ passport data.

Alfred Bui is an Australian reporter based in Melbourne and focuses on local and business news. He is a former small business owner and has two master’s degrees in business and business law. Contact him at [email protected].
Related Topics