The probe, to be conducted by consultancy Deloitte, will look at the embattled telco’s cybersecurity systems, controls, processes and the circumstances surrounding the cyber attack.

In a statement, Optus said the review was recommended by chief executive Kelly Bayer Rosmarin and was supported unanimously by the Singtel Board, the telco’s parent company.

Ms Bayer Rosmarin said the review would play a crucial role in the company’s response.

“We’re deeply sorry that this has happened and we recognise the significant concern it has caused many people,” she said.

“While our overwhelming focus remains on protecting our customers and minimising the harm that might come from the theft of their information, we are determined to find out what went wrong.

“This review will help ensure we understand how it occurred and how we can prevent it from occurring again.

“This may also help others in the private and public sector where sensitive data is held and risk of cyberattack exists.”

Optus has been in damage control after the cyber attack compromised the personal identification of 9.8 million Australians.

Many customers remain in the dark over whether they need to order replacement passports, drivers licences or Medicare cards.

A text message sent to impacted customers overnight left some fuming after they found the message to be confusing.

“Cyberattack update: Confirming only the licence number on your Driver Licence was exposed, not the card number. Your State or Territory government will provide advice on any action that you may need to take via their website,” the text from Optus read.

In a statement, the telco said the message was sent to customers in every state and territory except Queensland and Victoria where the card number and licence number are the same.

Customers who had their Medicare card number exposed were also advised.

“We continue to reach out to customers who have had other details exposed,” Optus said in the statement.

More than 37,000 Medicare numbers were exposed in the data breach.

The telco finds itself embattled in a brawl with the federal government that says the company’s leadership has not co-operated over lost Medicare and Centrelink information.

The Australian Federal Police has launched two investigations into the breach and are being assisted by the FBI.

Originally published as Optus commissions external review following data breach