Prime Minister Anthony Albanese confirmed the telco would cough up after demands from the Federal Government.

The announcement was made shortly after the Australian Federal Police bolstered their response to the breach, with a focus on protecting those who have already had 100 points of identification exposed online.

Almost 10 million Australians were impacted in the hack, which exposed personal details such as their full name and address, as well as passports, drivers licence and Medicare numbers.

AFP Assistant Commissioner Cyber Command Justine Gough addressed the media on Friday to provide an update into the ongoing investigation into the data breach.

She said identifying the hacker was going to be a “long and complex” process and that police are focused on protecting those whose data has already been breached.

A post on an online forum on Tuesday advertising the sale of 10,000 peoples data has since been removed but the AFP have warned other criminals may have access to some, or all, of the data.

These 10,000 individuals, who potentially had 100 points of identification released online will be prioritised in police efforts.

Operation Guardian this been launched to “supercharge” the protection of all customers impacted by the breach.

It is a joint partnership between law enforcement, the private sector and industry which will work to identify those impacted. monitor the dark web for criminals, and engage with the financial services to detect criminal activity linked to the data breach.

“Cyber crime is the break-and-enter of the 21st century and we encourage all Australians to be extra vigilant about their online security at this time,” Assistant Commissioner Gough said.

“The 10,000 individuals who potentially had 100 points of identification released online will be prioritised.”

She said the AFP was collaborating with international law enforcement, including the FBI.

“We are talking about a type of crime that is borderless.”

The AFP will also engage with the financial services industry to detect criminal activity associated with the breach.

The AFP have confirmed Optus is co-operating with police.

Optus confirmed this week that the Medicare ID numbers of 36,900 Australians were exposed – including almost 15,000 that were still valid.

The telecommunications giant said they would contact all of those impacted within 24 hours.

The federal government has said it is “furious” that Optus took five days to notify them of the breach of Medicare data and has promised to reassess its data and privacy laws urgently.

Attorney-General Mark Dreyfus raised concerns about why Optus was keeping the data of customers – and former customers – for so many years.

“If a company says we need to see your driver’s licence or we need to see your passport number for the purpose of establishing that you are who you say you are, that should be the end – one might think – of the company keeping all that data,” Mr Dreyfus said.

MORE CUSTOMERS AFFECTED

The Optus data hack deepened with former Virgin Mobile and Gomo customers reportedly told that their personal information was also been compromised by the breach.

Almost 10 million Australians were impacted in the Optus hack, with personal details ranging from their full name and address to their passport, drivers licence and Medicare numbers accessed by the hackers.

Initially it was thought only current and former Optus customers were affected by the data breach, but recent emails seen by the Guardian Australia suggest it could also affect Optus subsidiaries.

Virgin Mobile and Gomo are subsidiaries of Optus – with the former being shut down in 2018.

Optus also sells mobile network services to Amaysim, Dodo, Circles.Life and iiNet.

Initially, Optus failed to notify customers of the Medicare data breach, later revealing 37,000 Medicare details had been hacked with 15,000 of those still active numbers.

The federal government have announced they will bring data and privacy laws “up to date” to protect Australians in the wake of the “messy” Optus breach.

Some individual states have indicated that those impacted will be eligible for a new licence, free of charge.

The company has not responded to a request to foot the bill for replacing millions of Australians’ passports in the wake of its data breach.

Meanwhile the Australian Electoral Commission announced that customers caught up in the Optus data breach who replace their passport or drivers licence will not need to update their electoral enrolment.

Financial Services Minister Stephen Jones criticised Optus on Thursday for letting hackers slip through the net, warning “there will be a long tail of impact of this data breach”.

“We know that fraudsters (and) scammers are already on to it, whether they’ve got the Optus data or not, they’re attempting to impersonate Optus,” he said.

“They’re attempting to … impersonate licence providers, they’re attempting to impersonate government and government agencies.”

If you are an Optus customer, the website Have I Been Pwned is a good resource to discover if your email address or phone number have been caught up in any data breaches.

For more information on how to protect yourself, visit the Office of the Australian Information Commissioner website.

Check the Optus website for information and contact Optus via the My Optus App or call 133 937.

More Coverage

‘We await Optus’: Telco silent on Albo’s passport demand

Ellen Ransley and Courtney Gould

Optus asked to pay for new passports

Clare Armstrong, Justin Vallejo and Maria Bervanakis

Originally published as Optus will pay for replacement passports for data breach victims