More than a week after suffering one of Australia’s biggest ever cyber attacks, Optus is scrambling to fill customers with confidence after a long period of poor communication, as the government calls for an urgent end to the confusion.
This afternoon and evening customers across the country have received SMS messages relating to the level of data breach they have been exposed to.
“Cyberattack update: Confirming only the licence number on your Driver Licence was exposed, not the card number. Your State or Territory government will provide advice on any action that you may need to take via their website,” some of the messages said.
However, at least one Victorian customer raised concerns that Victorian drivers licences do not have a card number, so the loss of just a licence number was a more serious security risk.
Optus said in a statement tonight that it was continuing to work with authorities in Victoria as well as in Queensland as their licences differed from other states and territories, “and will provide advice as soon as possible”.
“If we did not have valid contact details for any impacted customers, these customers will be contacted via post using the last mailing address we have on file, as soon as possible,” Optus said.
“We continue to reach out to customers who have had other details exposed.”
Earlier today, the federal government said Optus was not cooperating with its attempts to protect Australians following the data breach.
Government Services Minister Bill Shorten and Cyber Security Minister Clare O’Neil publicly called on the telecommunications company to comply with the government’s requests in the interests of the affected customers.
Shorten said: “We seek Optus to step up its communication and transparency with government.
“Motoring along in third gear is not enough.”
Shorten said now was not the time for Optus “to take the high road” about sharing the data, and should be taking more initiative to help the government.
“The drawbridge needs to come down.”
Customers have also told 9News they feel like Optus is passing the problem onto the government.
“I feel like they don’t care and they are wiping their hands of it. Palming me off to the government,” one said.
Meanwhile, other Optus customers have received a far more concerning message.
“During further analysis as part of our ongoing investigation, we’ve discovered some customers have had both the licence number and card number on their Driver Licence exposed. Please note, only the numbers have been exposed and not a copy of your Photo ID. We’re deeply sorry to inform you that you’ve been identified as part of this group,” that text said.
The advice from Optus is to apply for a replacement licence, to “help reduce the risk of identity theft or financial loss”.
It has taken more than a week for the communication to be sent, and the uncertainties remain about just how many people are affected and exact details that have been stolen.
— Lauren 🇦🇺 (@LaurenHLoz) October 2, 2022
There are Medicare and passport numbers included in the breach.
Optus has promised a 12-month identity protection subscription to customers affected, but is relying on those customers to contact Optus to get access to the subscription.
Customers are reporting waiting hours for the call centre to respond, and having to make demands in live chats on the Optus app to be able to get the subscription access.
Shorten also called on Optus to urgently provide details of who exactly has been included in the attack.
“It’s been 11 days since the breach — it is peculiar that we still can’t identify who for example used their Medicare information — their number — to be able to get identification,” he told the ABC.