Prime Minister Anthony Albanese says Optus should foot the bill for customers needing changes to their personal identification documents, such as passports, after the massive security breach.
Subscribe now for unlimited access.
or signup to continue reading
During Wednesday's House question time, Mr Albanese said taxpayers should not be made to foot the bill for Optus customers needing to change passport numbers following the incident, when about 10 million customers' personal information was divulged.
"Those opposite want taxpayers to pay for a problem caused by Optus and their own failures on cyber security and privacy regulation," he said.
"We believe that Optus should pay, not taxpayers."
Foreign Minister Penny Wong also wrote to Optus chief executive Kelly Bayer Rosmarin, asking the telco to cover fees for new passports for affected customers, saying there is "no justification" for the government to cover the cost.
"There is no justification for these Australians - or for taxpayers more broadly on their behalf - to bear the cost of obtaining a new passport," Senator Wong wrote in the letter.
"I therefore seek your earliest confirmation that Optus will cover the passport application fees of any customers affected by this breach whose passport information was disclosed and who choose to replace their currently valid passport."
The opposition had called on the commonwealth to cover any associated costs for customers wanting to change to help protect their personal information.
Mr Albanese conceded current laws governing data protection were outdated and needed an overhaul. This was a view shared by Greens senator David Shoebridge, who said a tort on privacy was desperately needed to ensure customers had adequate protection when handing over information.
He also questioned why Optus was holding information on customers for up to six years, saying it was a "honey pot" for hackers seeking sensitive information.
"We are seeing the failure of the existing regulatory model in terms of advising people promptly about the nature of the privacy breaches and failure to have clear laws and regulations that require the remediation," Mr Shoebridge told ACM.
"At this point in time, we're getting the information that Optus is choosing to give us and it looks like people who have had their privacy breached may well be limited to the compensation or assistance that Optus is shamed into providing."
READ MORE:
Earlier at Parliament, Opposition Leader Peter Dutton lashed out at the government, saying it had failed to notify the public of the data breach and suggested Optus should cover the cost of customers needing new identity documents.
"People should pay the fee and then seek to recover it either from a government level or from the individual level from Optus in due course," Mr Dutton said. "Frankly Optus should meet the cost of that and I don't know whether that's something they've announced or not, but it's something they should if they haven't."
Mr Dutton also pointed blame at Home Affairs Minister Clare O'Neil for not acting sooner and being "missing in action".
On passports, the government said there are multiple security levels on the documents.
Health Minister Mark Butler earlier said Medicare numbers could be reissued after he became aware on Tuesday that card details were included in the information.
"As I'm advised, we were not notified that among passport details, driver's licence details and others, Medicare details had also been the subject of this breach," Mr Butler said on ABC RN. "So we're very concerned, obviously, about the loss of this data and working very hard to deal with the consequences of that. But particularly concerned that we were not notified earlier and consumers were not notified earlier about the breach of Medicare data as well."
Liberal senators Simon Birmingham and James Paterson said people should not be made to wait nor pay to obtain new and secure personal identification.
"While Optus must take responsibility for what may be the largest data breach in Australian history, the Albanese government has a responsibility to help Australians take steps to protect their personal information and security," they said in a statement.
READ MORE:
Optus revealed the data breach, which affected 9.8 million of its customers, last Thursday.
Assistant Treasurer Stephen Jones said passports had multiple layers of security and were still safe to use.
"Any costs associated with replacing documents, frankly ... it shouldn't be the commonwealth government or any other government that is bearing the cost of what is at its heart ... a stuff up by Optus," he told Sky News.
A class action following the data breach is under investigation, as cyber security experts warn Optus customers may now fall victim to scammers.
Meanwhile, the FBI is joining the Australian Federal Police in probing the alarming incident.
Attorney-General Mark Dreyfus revealed the international cooperation as the group behind the breach scrapped its ransom demand and claimed to have deleted the 11 million customers' records it scraped from the telco's website.
The attempt to force Optus to pay $US1 million ($A1.54 million) by Friday was apparently dropped hours after the group released a batch of 10,000 Australian customers' sensitive details on a data breach forum on the clear web.
The illegally obtained information includes passport, Medicare and driver's licence numbers, dates of birth, home addresses and information about whether a person is renting or living with parents.
The hackers said they would have alerted Optus to its vulnerability if the telco had a secure method to contact or a bug bounty.
Optus says it has sent email or SMS messages to customers whose details were compromised and apologised for the concern it has caused.
But it insists payment details and account passwords were not compromised as a result of the attack.
The privacy commissioner has urged Optus customers to be vigilant and not click on any links in text messages.
Meanwhile, some states have announced they will be assisting victims of the Optus cyber breach to get a new driver's licence.
Anyone applying for a replacement driver's licence number and card must be able to show they have been advised by Optus that they are at risk.
NSW
- Service NSW and ID Support NSW are working with Transport for NSW on driver's licence relief
- Affected Optus customers will soon be able to apply for a replacement number online through Service NSW or one at its offices
- The replacement fee of $29 will be reimbursed by Optus
Victoria
- Department of Transport is working with IDCARE to get a full list of Victorian licences exposed by the breach
- Anyone at risk can get their VicRoads record flagged against any potential future fraud and request a number and card replacement
- The government will ask Optus to repay the cost
Queensland
- Replacement driver licence numbers and cards will be offered free of charge to impacted Optus customers
South Australia
- Licence numbers can be changed at a Service SA Centre
- Replacement fee of $20 will be waived
- Anyone who has already paid for a replacement licence can get a refund through Service SA
ACT
- The government is still working through the issue of replacing driver licence numbers and cards
Others
As of 8pm AEST Tuesday, Western Australia, Northern Territory and Tasmania were still to advise on their plans but are expected to follow the other jurisdictions.