Optus hack: No new passports needed, telco tells hacked customers
Optus says talks with the federal government mean hacked customers do not need new passports, but the telco has failed to say why.
The nation’s second largest telco has claimed that customers caught in a recent hack which saw the personal information of 9.8 million exposed online will not require a new passport.
Optus and its parent company Singtel released a statement to the Singapore stock exchange saying that talks with the federal government had resulted in the decision.
“As a result of discussions with the Australian Government, Optus is now communicating to customers whose passport number was exposed in the cyberattack that they will not need to replace their passports,” the statement said.
“The Australian Government has been working with Optus to safeguard customers from the possibility of identity crime, including providing advice on actions impacted customers should take, if any.”
However, the telco failed to explain how it came to this decision, which comes two weeks after Prime Minister Anthony Albanese said he believed the telco should foot the bill of replacing passports.
“We know that this breach should never have happened and the government expects Optus to do everything within its means to support affected customers,” he said at the time.
“We believe Optus should pay, not taxpayers.”
Foreign Minister Penny Wong has also written to Optus chief executive Kelly Bayer Rosmarin stating there was “no justification” for Optus customers or taxpayers paying for a passport replacement.
As many as 150,000 passport numbers and 50,000 Medicare numbers have been stolen in the Optus breach. Replacement passports cost $193, according to Department of Foreign Affairs and Trade website.
In an email to customers delivered late on Friday, Optus claimed that copies of passports including customer images were not exposed.
“During analysis as part of our ongoing investigation, we’ve discovered the number on your Australian Passport was exposed. Please note, a copy of your passport including your image was not exposed,” the email read.
The email went on to say that the government had advised “you don’t need to replace your passport” as it had asked the Department of Home Affairs to place an online block on the use of affected customer passports via document verification service.
“This means it can’t be used to verify your identity online via the DVS. You can still use your passport to verify your identity in-person for up to three years past its expiry,” it read.
“If your passport is still current, the Department of Foreign Affairs and Trade has advised it’s safe to use your passport for international travel. The Australian Passport Office has robust controls to protect your identity, including facial recognition.”
Customers were also provided a code to access a 12-month Equifax Protect subscription.
The move from Optus arrives days after the Office of the Australian Information Commission and the Australian Communications Media Authority announced separate investigations into the hack.
Commissioner Angelene Falk said Optus could be fined “up to $2.2 million for each contravention” should the OAIC find the company failed in its handling of consumer data.
Singtel revealed on Monday another of its Australian businesses, IT consulting firm Dialog, had also been caught in a data breach that compromised the data of more than 1000 employees and customers.
According to Singtel, 1000 current and legacy Dialog staff and 20 clients had their details published on the dark web.
The company’s portfolio includes some major Australian corporations and government agencies including National Australia Bank, Suncorp, Rio Tinto, the NSW Electoral Commission, Virgin Australia, Flight Centre and ESS Super, Alfred Health, the NSW Anti-Corruption Organisation, the Queensland Government Department of Communities, the Victorian Government GIS and the University of Tasmania in its portfolio.
It’s understood that some of the companies listed on Dialog’s website including Virgin Australia did not provide full system access and were not impacted by the breach.
More Coverage
CBA rolls out AI agent for business customers
Commonwealth Bank is introducing an AI agent for tens of thousands of business customers that will handle queries and provide ChatGPT-style responses.
Meet ‘Matilda’ – Australia’s chance to ride the DeepSeek wave
China has shown the world artificial intelligence can be done on the cheap, opening the door for Australia to catapult itself into a new digital Cold War.