Enter your email to read this article
Read news on any topic, in one place, from publishers like The Economist, FT, Bloomberg and more.

Privacy help for victims of Optus hack

Australians caught out in the massive Optus data breach may be able to change their driver's licence numbers.

At a Labor caucus meeting on Tuesday, Attorney-General Mark Dreyfus was asked about the trove of information stolen, and said the option was being considered with the privacy commissioner.

He said the commissioner wasn't notified by Optus of the breach involving almost 10 million customers, until late Friday, the day after it was first reported.

"Optus has a responsibility for the privacy of both current and former customers," Mr Dreyfus said.

He said it was important to relay advice from the privacy commissioner to the public, and warned people should not click links that are sent to them.

An ongoing privacy review will be completed this year.

In a statement, Home Affairs Minister Clare O'Neil said she was "incredibly concerned" about reports that Medicare numbers were now being offered for free and for ransom.

"Medicare numbers were never advised to form part of compromised information from the breach," she said.

"Consumers have a right to know exactly what individual personal information has been compromised in Optus' communications to them."

The sensitive details of 10,000 Australian customers have been released by the group behind the massive Optus data breach.

The illegally obtained information includes passport, Medicare and driver's licence numbers, dates of birth, home addresses and information about whether a person is renting or living with parents.

A check of 12 random email addresses against records held by Have I Been Pwned found nine had not previously been exposed in breaches.

The information was exposed on a data breach site on the clear web after the group behind the theft said Optus had not met its extortion demand.

It claimed it would release 10,000 records each day until Friday if Optus doesn't pay $1.5 million.

Government Services Minister Bill Shorten said Optus hadn't done enough to protect customers and its response "needs to be much more diligent."

"It's time for ... a big overhaul of how our data is kept by big corporations," he told the Nine Network's Today.

Optus says it was the victim of a sophisticated attack - a characterisation dismissed by Ms O'Neil.

A federal police investigation has been launched into the data breach, which has affected 9.8 million Australians.

Opposition cyber security spokesman James Paterson told Sky News the government bore some responsibility and criticised its response to the hack as "slow".

Ms O'Neil launched a scathing attack on Optus in parliament on Monday.

She said responsibility laid squarely at the feet of the telco giant and that the government was looking at ways to mitigate the fallout.

The minister called on Optus to provide free credit monitoring to former and present customers whose data had been stolen.

Optus says it will offer "the most affected" customers the chance to take up a one-year subscription to credit monitoring service Equifax Protect at no cost.

Related Stories
‘Compensation from Optus’: Telco under pressure to pay for hack cleanup
Optus is under pressure to foot the bill for replacing personal information exposed to criminals in a huge hack last week.
From analysis to the latest developments in health, read the most diverse news in one place.
‘Serious privacy breach’: Optus faces class action as hack fallout widens
Optus is staring down a possible class action after the personal data of millions of its customers was exposed in a massive hack last week.
Child’s play? Damning verdict on ‘trivial’ Optus hack
Optus is under fire for lacklustre cyber security and failing to disclose key details about the hack to consumers.
Australia flags privacy overhaul after huge cyber attack on Optus
Australia plans to toughen privacy rules to force companies to notify banks faster when they experience cyber attacks, Prime Minister Anthony Albanese said on Monday, after hackers targeted the country's second-largest telecoms firm.
Optus hack exposes failure to prepare
Reports the Optus hacker has withdrawn the threat to release more personal data onto the web is cold comfort for the more than 10,000 people whose information was dumped.
One place to find news on any topic, from hundreds of sites.
Data stolen in the Optus hack? Here’s what to do
If you’re an Optus customer worried about the recent hack, here’s how to protect yourself as the fallout continues.