Optus has launched an independent, external review of the circumstances surrounding the mass cyber attack on its customer's data.
Embattled chief executive Kelly Bayer Rosmarin, who has been criticised for the way Optus has handled the attack, recommended the review to the board which unanimously agreed to it.
Ms Bayer Rosmarin said the telco was committed to rebuilding trust with its customers and the review would assist that process.
"We're deeply sorry that this has happened and we recognise the significant concern it has caused many people," she said in a statement.
"While our overwhelming focus remains on protecting our customers and minimising the harm that might come from the theft of their information, we are determined to find out what went wrong."
She said the review would help Optus understand how the attack happened and ensure it would not happen again.
International professional services firm Deloitte will conduct the review of Optus security systems, controls and processes.
The telco was slammed by a federal minister on Monday for not being more forthcoming about the full nature of the breach.
Cabinet minister Tanya Plibersek said while people had been receiving their bills on time, Optus had not told customers whether their personal details have been stolen.
"One of the real problems is the lack of communication by Optus, both with its customers and the government," she told the Seven Network on Monday.
"I don't think the company is doing a particularly good job with its customers or providing the government with the information we need to keep people safe.
"It's extraordinary we don't have any Medicare numbers or Centrelink numbers that may have been compromised."
Yet former home affairs minister Karen Andrews said the government's response to the breach had also been inadequate.
While she did not absolve Optus from its corporate responsibilities, Ms Andrews said the government had "failed quite dismally" in its response.
"The federal government funds an organisation called IDCARE which is ready, willing and able to assist people who have had their identity stolen and could have provided advice to Optus customers," she told ABC Radio National.
She said the breach was a "wake up call" for all of corporate Australia about the importance of data protection.
At least 10,000 parcels of ID data taken in the breach, were put on the internet for sale by the hacker, before it was took it down.
Cyber Security Minister Clare O'Neil said Optus needed to be up-front about what specific data had been taken about individuals, with the government not knowing how many passport numbers had been stolen.
She said the government was particularly concerned for those people whose sensitive data had already been published in the "ether".
The minister also criticised the former Morrison government, describing laws designed to protect Australia's critical infrastructure from cyber attacks as "absolutely useless".
"This company (Optus) has just overseen what is without question, the largest consumer data breach in Australian history," Ms O'Neil said on Sunday.
Opposition cyber security spokesman James Paterson said the coalition would be open to bigger fines for breaches of the Privacy Act.
In a statement, an Optus spokesperson said the company was working with government agencies to determine which customers it needed to take action on.
"We continue to seek further advice on the status of customers whose details have since expired. Once we receive that information, we can notify those customers," the spokesperson said.
"We continue to work constructively with governments and their various authorities to reduce the impact on our customers."
