Australia demands Optus pay for new customer ID documents

Australias federal and state governments on Wednesday called for Optus to pay for replacing identification documents including passports and drivers licenses to avoid identity fraud after 9.8 million of the telecommunications companys customers had personal data stolen by computer hackers.
The Australian government has blamed lax cybersecurity at Optus for last week's unprecedented breach of current and former customers' personal information.
Most at risk of identity theft are the 2.8 million customers who had drivers license and passport numbers stolen.
Prime Minister Anthony Albanese rejected opposition lawmakers calls for the government to waive the costs of replacing compromised Optus customers passports.
We believe that Optus should pay, not taxpayers, Albanese told Parliament.
Foreign Minister Penny Wong wrote to Optus CEO Kelly Bayer Rosmarin on Wednesday requesting her earliest confirmation that the Sydney-based company would pay for vulnerable customers passports.
There is no justification for these Australians or for taxpayers more broadly on their behalf to bear the cost of obtaining a new passport, Wong wrote.
Optus did not immediately reply to a request for comment.
Different states have had varying responses to requests for drivers license replacements Queensland and South Australia have announced free replacements for affected customers while New South Wales will charge Optus customers for replacement licenses. But the state government has said it expects Optus will offer reimbursements within days. Victoria state has also asked Optus to pay for new licenses, but continues to charge the company's customers.
Optus this week offered its most affected customers free credit monitoring for a year.
The federal government only became aware that health care client identification numbers were among the stolen data on Tuesday morning, when 10,000 customers records were dumped on the dark web as part of an extortion attempt by the hacker who demanded Optus pay a $1 million ransom. The so-called Medicare numbers are accepted as proof of identity, like passports and drivers licenses.
Health Minister Mark Butler said his government had not yet decided Wednesday whether Optus customers required new Medicare cards.
Were very concerned about the loss of this data and working very hard to deal with the consequences of that, Butler told Australian Broadcasting Corp.
But were particularly concerned that we were not notified earlier and consumers were not notified earlier about the breach of the Medicare data as well, he added. Optus discovered the breach Sept. 21.
The hacker, who uses the online name Optusdata, withdrew a ransom demand Tuesday in an online post that claimed the stolen data had been destroyed.
Optusdata suggested the extortion attempt had attracted too much attention, said no ransom had been paid and apologized to Optus as well as its customers.
Former Special Adviser to the Prime Minister on Cybersecurity, Alastair MacGibbon, described that scenario as too good to be true.
MacGibbon, who is now a cybersecurity consultant, suspected the ransom had been paid or the data had been sold.
Another likely scenario was that the hacker was lying low for the moment while planning a different way to monetize the data, MacGibbon said.
Ive spent about 30 years dealing with criminals. I dont trust them, MacGibbon said.
So Id like to think that this criminal has suddenly found goodness and light and decided the heat was too much and Im deleting all of the 10 million details. Im a bit more suspicious than that, MacGibbon added.

Copyright 2022 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed without permission.
See also:
Leave a comment
  • Latest
  • Read
  • Commented
Calendar Content
«     2023    »