Optus hack: Australian government asked Optus if it would pay for new passports
The Australian government has asked the telco giant whether it would cover the cost of replacing passports for those affected by the cyber attack.
Optus has been told it should cover the cost of replacing the passports of Australians whose identity documents were stolen in a massive cyber attack on the telco.
Foreign Affairs Minister Penny Wong wrote to Optus chief executive Kelly Bayer Rosmarin on Wednesday asking for “confirmation” the company would pay for the passports.
“As you will appreciate, this serious incident creates a risk that the personal information of current and former mutual customers of the Australian Passport Office and Optus will be subject to exploitation by criminals,” Ms Wong said in the letter seen by News Corp.
“Risks include fraud, identity theft and other acts that could affect the interests and well-being of affected customers.”
Ms Wong said customers impacted may choose to replace their passports as a result of the breach.
“There is no justification for these Australians — or for taxpayers more broadly on their behalf — to bear the cost of obtaining a new passport,” she said.
“I therefore seek your earliest confirmation that Optus will cover the passport application fees of any customers affected by this breach whose passport information was disclosed and who choose to replace their currently valid passport.”
TELCO COULD FACE TWO LAWSUITS
Optus could be hit with a second class action lawsuit after law firm Maurice Blackburn announced it too was investigating a claim in the wake of last week’s hack.
According to a statement issued by Maurice Blackburn, this will be the second legal claim the law firm has pursued with Optus in a matter of years.
In April 2020, the law firm launched an investigation after Optus mistakenly provided private data, including names and contact details of 50,000 customers, to Sensis.
Maurice Blackburn principal lawyer Vavaa Mawuli said it was investigating whether customers were entitled to compensation.
“People would expect a large telecommunications service provider like Optus to have solid systems for protecting their customers’ personal information,” she said.
“The customers impacted by the latest breach will understandably be feeling let down by Optus and vulnerable as a result of this latest blunder, especially those whose data was compromised back in 2019.
“It is very disappointing that Optus still seems unable to put in place effective safeguards to protect its customers’ information, so we are investigating a potential claim against them.”
It comes as tens of thousands of current and former Optus customers have registered with Slater and Gordon after it announced it was looking into a class action.
“People are rightly concerned that if a criminal has access to personal information, they may be subject to identity theft. Vulnerable members of the community, such as people who are survivors of domestic violence and victims of stalking and other threatening behaviour, are concerned perpetrators may be able to use the information to locate them,” Slater and Gordon class actions senior associate Ben Zocco said.
“We have heard some small business owners have had to suspend activity on credit accounts to protect the accounts, and people are rightly frustrated by the difficulty of changing such personal information. Of course, some information, like your date of birth, simply cannot be changed.”
GOVERNMENT PLANNING HOW TO LIMIT HARM
The names of Australians impacted by the Optus data breach could be shared with major banks so they can look out for suspicious activity and protect people from fraud in the future, the federal government has revealed.
Treasurer Jim Chalmers said the government has been holding high-level talks with banks, financial regulators and the Reserve Bank of Australia to examine options to limit the harm caused by the cyber attack.
“One of the big focuses of these discussions … is the safe and secure sharing of data between auditors and regulated financial institutions with the appropriate safeguards to allow those institutions to undertake enhanced monitoring for the purposes of best protecting consumers from any bad behaviour following this data breach,” he said.
Mr Chalmers said banks could play a “really important role” in protecting Optus customers most at risk of financial harm, but acknowledged privacy and other safeguards must be considered before any sharing of information occurred.
“Privacy is obviously an important consideration working with the Attorney General, which institutions can receive this data and under what terms and with what assurances, and the legal mechanisms required to facilitate this transfer,” he said.
“We’ll do our best to resolve these issues as soon as we can, as part of a suite of broader efforts that the government is undertaking to respond adequately to what’s happened here with … Optus.”
Mr Chalmers said the government also expected Optus to do as much as possible to protect and support customers impacted by the breach.
Fowler MP Dai Le has called on Optus to allow Australians to exit their contracts with the telco without facing financial penalty.
Ms Le said Australians had signed up to mobile contracts trusting their data to be adequately protected, and Optus “must respect customers’ desire to exit their contracts when trust is lost”.
OPTUS VICTIMS COULD GET NEW MEDICARE NUMBERS
The federal government is furious it took five days to be notified that Medicare data had been caught up in the Optus data breach.
Nearly 10 million Australians had their data – ranging from full names and addresses to passports and drivers’ licences – accessed in the broad-ranging incident that hit the database last Thursday.
It wasn’t revealed until Tuesday, however, that some Medicare information had also been caught up in the breach.
Health Minister Mark Butler said he was very concerned and considering options for Australians whose Medicare details were impacted.
He said the government was furious with Optus for not disclosing just how far-reaching the data breach had truly been.
“We were not notified that among passport details, drivers’ licence details and others that Medicare details had also been the subject of this breach,” he told ABC Radio.
“So we’re very concerned obviously about the loss of this data, and we’re working very hard to deal with the consequences of that.
“But we are particularly concerned that we were not notified earlier and consumers were not notified earlier about the breach of Medicare data as well.”
Mr Butler said the government didn’t know just how many people had had their Medicare details leaked, but they were looking at reparations.
“We’re looking at (getting people new Medicare numbers). We’ll have more to say about that as soon as we can, but we’re looking at that very closely,” he said.
“Right now, all the resources of government are going to protecting consumers in the face of this extraordinary breach of their personal data.”
Already, some state governments have announced drivers’ licences will be replaced for impacted customers, while the federal opposition has called on the government to replace passports free of charge.
OPTUS HACK VICTIMS SPEAK OUT
Victims of the Optus data breach have revealed to News Corp how they are feeling after having their personal details stolen in the hack on the telco giant.
For some customers, there has been more correspondence from their local bank than there has been from Optus.
Melbourne 29-year-old Madeleine Richards said she feels “very unsettled … a little bit violated … vulnerable” after her details were stolen.
Over the past four days she has contacted Optus several times seeking guidance on how she could protect herself after her name, date of birth, address and more were stolen.
Ms Richards said she received better advice from CBA and ING than Optus.
Another victim, Kristen, 25, of Victoria described the resources provided to her as “absolutely shocking” and like a “Band-Aid for a stab wound”.
“If they have all of the information that I have given to Optus they could potentially not only ruin my credit rating but my whole life,” she said.
CUSTOMER DETAILS STILL ON PUBLIC DISPLAY
Meanwhile, the private details of 10,000 Optus customers are still on public display despite being pulled down from the forum they were originally posted on.
The user ‘Optusdata’ removed their original post on a popular online data breach forum, which called for Optus to pay a $US1m ransom within seven days.
“Ransomware not payed [sic] but we dont [sic] care any more. Was mistake to scrape publish data in first place,” the hacker wrote in a lengthy post on Tuesday.
But other hackers have since reposted the personal information on the forum, as the Optus cyber attack deepens.
It comes as an Optus spokesperson told Information Security Media Group that the company has not paid a ransom to the attacker.
The FBI has now been called in to assist local crime-fighting agencies investigating the Optus hack.
AFP Assistant Commissioner Cyber Command Justine Gough on Tuesday said the investigation was going to be “extremely complex and very lengthy” but the AFP specialised in investigations of this type.
Investigators from the United States confirmed to News Corp Australia they were working with the Australian Federal Police.
“The FBI is aware of the recent cyber incident involving Optus and our assistance to our foreign partners is ongoing,” a bureau spokeswoman said.
Insurance Council of Australia chief executive Andrew Hall said the “extraordinary” cyberattack on Optus and its customers demonstrated the importance of businesses, big or small, having “robust cyber protections in place”.
“This chilling example reminds us that more needs to be done to protect businesses and organisations from cyber-attacks,” he said.
“Working in partnership with government, insurers have a key role to play to help businesses protect themselves and recover from cyber-attacks.”
He said a new report from the Actuaries Institute provided a solution as to how industry and government could tackle the “significant challenge” together.
The Council supports a finding in the report that one of the current limitations for insurers writing cyber insurance is a lack of available data on cyber incidents, which if available could improve the understanding of cyber risk.
WHAT TO DO IF YOU ARE AN OPTUS CUSTOMER
The website Have I Been Pwned is a good resource to discover if your email address or phone number has been caught up in any data breaches.
The Australian Competition and Consumer Commission warned Optus customers to “take immediate steps” to secure all accounts, particularly financial institution accounts.
“You should also monitor for unusual activity on your accounts and watch out for contact by scammers,” the ACCC advised.
ID Care says they are unable to advise on a case-by-case basis how much of a customer’s personal information may have been hacked. The organisation advises remaining vigilant about scammers and organising multi-factor authentication for your accounts, wherever possible.
Prof Warren said it was a good idea to add two-factor authentication to any online banking or finance accounts, as well as pensions, social media and email. While that might seem onerous to some users, he said, some additional measures such as face scans and fingerprint identification were relatively easy.
ID Care has also advised the following:
• Scammers often impersonate government and businesses. Never respond to requests to provide personal and account information, or access to your device.
• Make sure you disconnect and make your own enquiries.
• Never click on any links that look suspicious or provide passwords, personal or financial information.
• Consider subscribing to www.scamwatch.gov.au for the latest information about scams impacting our community.
• Look out for any suspicious or unexpected activity across your online accounts and report any fraudulent activity immediately to your provider.
HOW TO REGISTER INTEREST IN THE OPTUS CLASS ACTION
Slater and Gordon is investigating a possible class action against Optus on behalf of current and former customers who have been affected by the unauthorised access to customer data announced by the company on September 22.
Class Actions Senior Associate Ben Zocco said that while the circumstances that led to the breach and the scope of customer data unlawfully obtained were yet to be confirmed by Optus, the consequences could potentially be significant for some customers, and the firm was assessing possible legal options for affected customers.
If you are or were an Optus customer who may have been affected and wish to register your interest in Slater and Gordon’s investigation, or for further information, go here.
— With reporting from Hayley Goddard, Ellen Ransley and Joseph Lam.