Optus is under pressure to foot the bill for replacing personal information exposed to criminals in a huge hack last week as governments begin to issue new documents to affected customers.
The embattled telco is coming under fire from federal and state leaders, including Victorian Premier Daniel Andrews, federal Deputy Treasurer Stephen Jones and even federal Opposition Leader Peter Dutton as the fallout widens from nearly 10 million customers having their data stolen.
Current and former Optus users have had emails, addresses, phone numbers and other identifying documents such as licences, passports and even Medicare details stolen by criminals in the huge data breach.
About 10,000 customers have already had their details leaked online by the alleged hacker, who has also claimed to have deleted other data.
On Wednesday afternoon foreign affairs minister Penny Wong wrote to Optus demanding the telco pay for new passports for hacking victims.
“Passport customers affected by this breach and concerned about identity fraud may choose to replace their passports,” Ms Wong wrote.
“There is no justification for these Australians – or for taxpayers more broadly on their behalf – to bear the cost of obtaining a new passport.
“I therefore seek your earliest confirmation that Optus will cover the passport application fees for any customers affected by this breach.”
Meanwhile, officials in NSW, Victoria, Queensland and South Australia have all begin to cut red tape to assist people obtaining new licences.
NSW says it will charge a $29 replacement fee, but that this charge will be “reimbursed” by Optus.
“Optus will communicate to customers on how they will go about that,” NSW’s customer service minister Victor Dominello said on Wednesday.
Premier Andrews said on Wednesday that Victoria would issue new licenses to those affected by the hack for free, but wants Optus to pay.
“We’re also going to seek some compensation from Optus, because this is on them,” he said.
“I dare say they will be unlikely to provide us with the funding to clean up their mess – that’s usually the way private companies operate.”
|
FBI brought into to aid Optus probe
10 News First – Disclaimer |
|
As the federal government considers whether new Medicare numbers need to be issued, Mr Jones said neither the Commonwealth nor any other government should have to foot the bill for “a stuff-up by Optus”.
Mr Dutton said on Wednesday that people should not have to pay fees to protect themselves from identity theft as a result of the hack.
He called on the federal government to waive fees for Australians who need to obtain new passports too, though Mr Jones has said passports had multiple layers of security and were still safe to use.
“People should pay the fee and seek to recover it either from a government level or an individual level from Optus,” Mr Dutton said.
“Frankly, Optus should bear the cost.”
Australia’s banks and financial regulators have also met to discuss how they can help protect the almost 10 million customers whose sensitive details were stolen in the Optus data breach.
Treasurer Jim Chalmers said the government had been “working around the clock” and on Monday he had brought together Treasury, the banks and regulators to address privacy and data retention concerns.
“We’ll do our best to resolve these issues as soon as we can as part of a suite of broader efforts,” he said.
“We want to … make sure that if there’s more that can be done by financial institutions to monitor risks and protect consumers, then that should be done.”
Meanwhile, the FBI is joining the Australian Federal Police in probing the alarming incident.
Attorney-General Mark Dreyfus revealed the international cooperation as the group behind the breach scrapped its ransom demand and claimed to have deleted the 11 million customers’ records it scraped from the telco’s website.
The attempt to force Optus to pay $US1 million ($1.54 million) by Friday was dropped hours after the group released a batch of 10,000 Australian customers’ sensitive details on a data breach forum on the clear web.
The hackers said they would have alerted Optus to its vulnerability if the telco had a secure method to contact or a bug bounty.
Optus said it had emailed or texted customers whose details were compromised and apologised for the concern it has caused. But it insisted payment details and account passwords were not compromised.
The privacy commissioner has urged Optus customers to be vigilant and not click on any links in text messages.
Optus has been contacted for comment.
-with AAP
