"Australian"/picture
Australia's second largest telecom company claims that in a recent hack, 9.8 million customers whose personal information was posted online would not need to replace their new passports.
The Australian reported that Optus and its parent company Singtel issued a statement to Singtel, Singapore Stock Exchange , saying that their talks with the federal government led to the decision.
"As a result of discussions with the Australian government, Optus now communicates to customers whose passport numbers were exposed in a cyber attack that they will not need to change their passports," the statement said.
"The Australian government has been working with Optus to protect customers from the possibility of identity crimes, including advice on the actions (if any) that affected customers should take."
However, the telecom company failed to explain how it made the decision, and two weeks after Prime Minister Anthony Albanese said he believes the telecom company should bear the cost of changing passports.
"We know that this vulnerability shouldn't have happened, and the government hopes Optus can do its best to support affected customers," he said at the time. "We think Optus should pay, not taxpayers."
Foreign Minister Penny Wong also wrote to Optus CEO Kelly Bayer Rosmarin, saying it would be "unreasonable" to pay for passport replacement fees by Optus customers or taxpayers.
In Optus security incidents, as many as 150,000 passport numbers and 50,000 Medicare numbers were stolen. According to the Ministry of Foreign Affairs and Trade website, the cost of changing the passport is $193.
In an email sent to customers late Friday, Optus claimed that copies of passports, including customer photos, were not leaked.
"As part of our ongoing investigation, during the analysis, we found that the number on your Australian passport was exposed. Please note that a copy of your passport, including your image, was not exposed," the email read.
The email continued that the government advised “you don’t need to change your passport” because the Ministry of Home Affairs prevents the use of the passport of affected customers through Document Verification Service (DVS).
"This means it cannot be used to verify your identity online through DVS. You can still use your passport to verify your identity yourself within the maximum three years before expiration," it wrote.
"If your passport is still valid, the Ministry of Foreign Affairs and Trade recommends that using your passport for international travel is safe. The Australian Passport Office has strong controls to protect your identity, including facial recognition."
customers also received a code for 12 months of Equifax protection services.
Optus's move came days after the Office of the Australian Information Commission (OAIC) and the Australian Communications Media Authority (ACMA) announced a separate investigation into the hacking incident. Angelene Falk, a commissioner of the
Information Commission, said that if OAIC finds that Optus has problems processing consumer data, the company could be fined, "each violation can reach up to 2.2 million."
Singtel revealed on Monday that its other Australian company, IT consulting firm Dialog, was also caught in a data breach, with data from its more than 1,000 employees and customers.
According to Singtel, the profiles of 1,000 Dialog's current and former employees and 20 customers were released on the dark web.
The company's client portfolio includes some large Australian enterprises and government agencies, including National Australia Bank (NAB), Suncorp, Rio Tinto, NSW Election Commission, Virgin Australia, Flight Centre and ESS Super, Alfred Health, NSW Anti-Corruption, Queensland Government Community Department, Victoria Government Geographic Information System and University of Tasmania .
It is understood that some companies listed on the Dialog website, including Virgin Australia, do not provide complete system access and are not affected by security vulnerabilities.
Edited by: Doji
