The telco confirmed there were about 1.2 million customers that had at least one form of current and valid identification and personal information accessed by hackers.

“Optus has communicated with these customers and recommended that they take action to change their identification documents,” the company said in a statement.

Further, there were about 900,000 customers who had numbers from expired identification documents stolen, as well as personal information.

“We continue to work with governments and agencies regarding what further steps, if any, those customers should take,” the telco said.

Optus confirmed the numbers after what it described as “extensive ongoing engagement with more than 20 federal, state and territory government agencies and departments”.

With the data of about 9.8 million customers caught up in the cyber attack, there are more than 7.7 million people who did not have ID numbers accessed by hackers.

These 7.7 million Australians are still warned to be on alert for scammers as they had data such as email addresses, date of birth and phone numbers taken.

Optus will undertake an independent review of its cyber security systems as customers were left fuming over a text message 12 days after the attack which has left millions in the dark about their data.

The company has engaged Deloitte to conduct an independent review into its cyber security systems.

In a statement issued by the telco, Optus chief executive Kelly Bayer Rosmarin recommended the review, which was supported unanimously by the Singtel Board, the parent company of Optus.

She said the review would play a crucial role in the company’s response.

“We’re deeply sorry that this has happened and we recognise the significant concern it has caused many people. While our overwhelming focus remains on protecting our customers and minimising the harm that might come from the theft of their information, we are determined to find out what went wrong,” Ms Bayer Rosmarin said.

“This review will help ensure we understand how it occurred and how we can prevent it from occurring again. It will help inform the response to the indecent for Optus. This may also help others in the private and public sector where sensitive data is held and risk of cyberattack exists.

“I am committed to rebuilding trust with our customers and this important process will assist those efforts.”

In a note lodged with the Singapore stock exchange, Singtel has indicated the telco is working with identity document issuing authorities to help customers affected after Medicare, driver’s licence numbers were hacked.

Singtel also confirmed it would defend the company in any potential legal class action, and it is continuing to assess the “financial implications” from the cyber attack.

It comes as Optus customers received a text message from the telco giant after 7pm AEDT on Sunday night, during the NRL Grand Final.

The cyber attack on Optus led to the private details of millions of Aussies being stolen, such as contact details, as well as passport and driver's licences.

Optus customers still don’t know if they have to change passports, drivers licence, Medicare card – and the text delivered on Sunday night did not shine much more light on the situation.

The text was general in nature and sent to everyone impacted by the breach.

“Cyberattack update: Confirming only the licence number on your Driver Licence was exposed, not the card number. Your State or Territory government will provide advice on any action that you may need to take via their website,” the text from Optus read.

One Optus customer has slammed Optus and its poor response the cyber attack.

“As a loyal Optus customer, I have been with when they 1st (sic) came into the market and I received an email to say I was one of their customers that information has been released and trying to get onto them this week with no luck,” the customer said.

“Then just to receive an sms on my phone to say that my licence has been exposed and to contact my state government website to see where I go from there.

“Well no it’s your job and a phone call would have been better. Take some responsibility and to do this an hour before the grand final kick off. I am already stressed enough.”

The most recent post on Optus’ Facebook account was on September 20. It is not about the breach, which a lot of users have taken issue with.

One person wrote: “Your lack of communication is terrible. Same with your customer service. Non existent. How does a person actually get any answers from you?”

“How about updates on social media? You’re handling this terribly,” another posted on Optus’ Facebook page.

OPTUS SLAMMED FOR LACK OF COMMUNICATION

Optus has been slammed for its lax communication with customers and the government more than a week on from a major cyber attack.

Tanya Plibersek unloaded on the telco for being able to provide customers with their bills but not informing them whether their personal data had been stolen.

“One of the real problems is the lack of communication by Optus, both with its customers and the government,” the Environment Minister told Sunrise.

“I don’t think the company is doing a particularly good job with its customers or providing the government with the information we need to keep people safe.”

Optus has been in damage control following revelations the personal information of 9.8 million customers had been stolen, including 2.8 million people whose driver’s licences and passports had been compromised.

The embattled telco buckled to the government’s request to foot the bill for the cost of replacement passports after it agreed to do the same to replace driver’s licenses.

Apologetic advertisements were placed in the nation’s newspapers on the weekend, with the company promising to win back customers‘ trust.

But Nationals frontbencher Barnaby Joyce questioned how the company had been so lax with customer data in the first place.

“Those in the know say it wasn’t a very sophisticated way to get into the Optus information,” he told Sunrise.

“Why can’t they protect your privacy and get back to people and say we have a real problem here and be careful?”

It comes as tensions between the government and Optus reached a boiling point on Sunday after it accused the teclo of not co-operating over lost Medicare and Centrelink information.

More than 37,000 Medicare numbers were exposed in the data breach.

The Australian Federal Police have launched two investigations into the breach and are being assisted by the FBI.

Originally published as Optus reveals 1.2m Aussies have identification compromised