The millions of Aussies impacted by the Optus hack could be given new Medicare numbers as the federal government takes action to help those embroiled in one of the worst tech breaches to hit Australia in recent years.
Optus advised up to 10 million customers’ details could have been compromised by the massive data hack.
Among data stolen was driver’s licence numbers, as well as passport details, Medicare numbers, dates of birth and home addresses.
Health Minister Mark Butler claimed Optus had taken days to inform the government that some Medicare numbers had likely been compromised.
‘It’s deeply unfortunate that we were only notified that Medicare details were included in that data breach in the last 24 hours or so,’ Mr Butler told ABC Radio National Breakfast on Wednesday morning.
‘Right now, all the resources of government are going to protecting consumers in the face of this extraordinary breach of their personal data.’
The government is considering issuing new Medicare numbers to millions of Optus customers
The government is looking into providing new Medicare numbers for anyone affected.
Australians typically keep the same Medicare number for their entire lives.
The Medicare move comes as states and territories offer Optus customers the opportunity to replace their driver’s licence for free and pressure continues to mount on the Department of Foreign Affairs (DFAT) to provide new passports to those affected as a number one priority.
If you are one of the millions of Optus customers who are worried about your drivers licence being compromised by the data breach you may be eligible to a free replacement licence
‘Victims of the Optus cyber hack should not have to wait or pay significant amounts of fees to secure their personal information, and obtain a new passport,’ Liberal senator James Paterson said in a statement.
DFAT said people should make their own choice as to whether or not they want a new passport, reassuring those affected that fraudsters cannot get a passport with your identity.
A statement on DFAT’s website said there are ‘robust controls that protect your passport from identity takeover, including sophisticated facial recognition technology’.
‘They [hackers] would need your actual passport, not just your passport details.’
Optus said in a statement all customers whose identifying document numbers were compromised have been contacted.
This includes anyone whose licence or passport numbers were leaked as a result of the cyberattack.
Data stolen in the hack included drivers licence numbers, as well as passport details, Medicare numbers, dates of birth and home addresses
Optus said it was also working through contacting anyone who had other details such as their email address compromised.
The telco confirmed that no payment details or account passwords were compromised by the hack.
However, if you are one of the customers across Australia whose licence details have been compromised, some states have announced replacement drivers licenses at no cost.
Below is what has currently been implemented in each state and territory across Australia:
Anyone with a NSW driver’s licence can apply for a new one online through Service NSW.
Customer Service Minister Victor Dominello said Optus would be in touch with customers ‘in the coming days’ to instruct them whether or not they need to apply for a replacement driver’s licence.
‘People in NSW with a digital driver licence will have an interim card number issued instantaneously via the Service NSW app. A new plastic licence card will be issued within 10 business days,’ Mr Dominello said.
The $29 replacement fee charged by Service NSW is expected to be reimbursed by Optus, with an official statement expected in the coming days.
At this point there is no clarification on whether or not the new licence will mean a new driver’s licence number or just a new card number.
Drivers in Victoria are being encouraged to report their licence breach to the Department of Transport in order to prevent any unauthorised changes by potential hackers.
The department has asked Optus to repay the cost of new licenses to the Victorian government.
If you are worried about your licence details and have been notified by Optus to say your data has been breached, you can contact VicRoads to have your record flagged and request a replacement licence.
‘By flagging records VicRoads will prevent any unauthorised changes or access to individual information through the Victorian licence database. Records will also be flagged within the national database,’ the Victorian government said in a statement online.
‘We urge you to use the web form to register your details. You will not have to wait on hold and the form is quick and easy to fill out.’
Anyone who has been contacted by Optus and has a Victorian driver’s licence can fill out the form here.
In Queensland a new driver’s licence and driver’s licence number has been confirmed for anyone advised by Optus that their ID information has been compromised, at no cost.
‘If you’re impacted by the Optus data breach, Transport and Main Roads Queensland will issue you a replacement driver licence with a new licence number free of charge,’ Annastacia Palaszczuk said in a statement.
A dedicated hotline (07 3097 3108) has also been set up to those who need additional information or urgent assistance.
If you’re in South Australia, a replacement driver’s licence will also be free.
Service SA advised anyone seeking a replacement card to attend one of its centres with documentation proof from Optus that they were affected by the hack.
‘The South Australian State Government will waive the usual replacement fee for South Australians requiring a new driver’s licence as a result of the recent Optus data breach,’ Premier Peter Malinauskas said in a statement.
‘Once your licence number has been changed, a new driver licence card will be produced and posted to you,’ Service SA said in a statement on its website.
‘Your new licence will be immediately available digitally through your mySAGOV account and on the mySAGOV app.’
Anyone who has already paid for a replacement card is able to get a full refund in person at a Service SA branch.
The ACT Government said it is working to issue replacement driver’s licenses for anyone who has had both their licence and card numbers compromised.
There is no information currently on whether they will be replaced for free or at a cost.
‘All customers who do this will be contacted by Access Canberra once the next steps are identified,’ a statement from the ACT government said.
Currently the fee for a replacement card is $42.60 with the ACT government currently saying any new card will only have a replacement card licence number, not a new licence number.
Western Australia, Northern Territory and Tasmania
At this stage there been no word from these states or territories on what Optus customers can do regarding driver licences.
What Optus has said about the breach:
How did this happen?
Optus was the victim of a cyberattack. We immediately took action to block the attack which only targeted Optus customer data. Optus’ systems and services, including mobile and home internet, are not affected, and messages and voice calls have not been compromised. Optus services remain safe to use and operate as per normal.
Has the attack been stopped?
Yes. Upon discovering this, Optus immediately shut down the attack.
We are now working with the Australian Cyber Security Centre to mitigate any risks to customers. We have also notified the Australian Federal Police, the Office of the Australian Information Commissioner, and key regulators.
Why did we go to the media first instead of our customers?
The security of our customers and their data is paramount to us. We did this as it was the quickest and most effective way to alert as many current and former customers as possible, so they could be vigilant and monitor for any suspicious activity. We are now in the process of contacting customers who have been impacted directly.
What information of mine may have been exposed?
The information which may have been exposed includes customers’ names, dates of birth, phone numbers, email addresses, and, for a subset of customers, addresses, ID document numbers such as driver’s license or passport numbers. Customers affected will be notified directly of the specific information compromised.
Optus services, including mobile and home internet, are not affected. Messages, voice calls, billing and payments details, and account passwords have not been compromised.
What should I do to protect myself if I suspect I am a victim of fraudulent activity?
We are not currently aware of any customers having suffered harm, but we encourage you to have heightened awareness across your accounts, including:
Look out for any suspicious or unexpected activity across your online accounts, including your bank accounts. Make sure to report any fraudulent activity immediately to the related provider.
Look out for contact from scammers who may have your personal information. This may include suspicious emails, texts, phone calls or messages on social media.
Never click on any links that look suspicious and never provide your passwords, or any personal or financial information.
How do I contact Optus if I believe my account has been compromised?
If you believe your account has been compromised, you can contact us via My Optus App – which remains the safest way to contact Optus or call us on 133 937 for consumer customers. Due to the impact of the cyberattack, wait times may be longer than usual.
If you are a business customer, contact us on 133 343 or your account manager.
How do I know if I have been impacted?
We are in the process of contacting customers who have been directly impacted.