Optus chaos spreads: Two more telcos’ customers are told their personal data may have been leaked too – on top of the 10 million customers already affected
- Former Virgin Mobile and Gomo customers’ information was exposed in hack
- Last week 10million Optus customers’ information was leaked in a cyber attack
- Names, addresses, emails, birthdays, passport, licence and Medicare was leaked
- Optus also sells its mobile services to Amaysim, Dodo, Circles.Life and iiNet
Two more Australian telcos owned by Optus have warned customers their data could have been exposed in the recent security breach.
Current and former Virgin Mobile and Gomo customers’ personal information was leaked last week alongside 10million Optus customers in Australia biggest ever cyber attack.
Optus reported people’s names, addresses, emails and dates of birth were exposed along with 2.8 million passport, licence and Medicare numbers.
The data leak was initially thought to only affect direct Optus customers but recent emails seen by Guardian Australia show the company’s subsidiaries are also at risk.
The network also sells mobile network services to Amaysim, Dodo, Circles.Life and iiNet.
Customers of Virgin Mobile and Gomo had their personal information leaked in the massive cyberattack against Optus last week
Optus announced it will compensate customers needing a licence replacement but has so far ignored calls from the federal government to replace passports.
Daily Mail Australia has contacted Optus for comment.
Optus fully bought the final share of Virgin Mobile Australia, giving it full ownership, in 2006.
Gomo, operated by Optus, was launched in 2020 and has customers in Singapore, the Philippines, Indonesia and Thailand.
The Office of the Australian Information Commissioner announced it is probing Optus’ compliance with data breach requirements.
‘All organisations need to assess the risk a data breach poses to compromising their own customers’ data and ensure additional safeguards are in place,’ Commissioner Angelene Falk said on Thursday.
Optus also sells its mobile network services to Amaysim, Dodo, Circles.Life and iiNet
The commissioner also raised concerns companies are holding on to personal data – like driver’s licence, passport and Medicare details – they don’t need to.
‘They must take reasonable steps to destroy or de-identify the personal information they hold,’ she said.
‘Collecting and storing unnecessary information breaches privacy and creates risk.’
The Optus scandal had also highlighted the need to ‘shift the dial’ and make organisations ultimately responsible for protecting their clients.
Federal Financial Services Minister Stephen Jones stressed Optus had a responsibility to the almost 40 per cent of Australians affected by the breach.
The government earlier this week expressed its shock that Medicare details were part of the theft, although card holders are being told their health details can’t be accessed with their client number.
Prime Minister Anthony Albanese has demanded Optus pay for the replacement of all licences and passports exposed in the hack
The data breach has prompted nearly all states and territories to allow affected residents to apply for new driver’s licence numbers for free, with any costs expected to be ultimately paid for by the telco.
Prime Minister Anthony Albanese has demanded Optus pay the cost of replacement passports, saying the hack was the telco’s fault.
‘Companies need to be held to account here, and that is something my government is determined to do,’ he said on Thursday.
Foreign Minister Penny Wong wrote to Optus chief executive Kelly Bayer Rosmarin on Wednesday, saying there was ‘no justification’ for taxpayers to foot the passport bill. Optus has yet to respond.
Meanwhile, reforms to Australia’s privacy and data laws will be rushed through in the wake of the crisis.
Optus has not responded to calls from the federal government to pay for the replacement of exposed passports
Legislative changes could be introduced to parliament by the end of the year, Attorney-General Mark Dreyfus said on Thursday.
‘It is certainly not just simply about increasing penalties, although that will be part of the reforms we are going to look at,’ he said.
‘We need to make sure that companies who are keeping Australians’ data pay absolute attention to keeping that data safe.’
Mr Dreyfus said he saw no reason why telcos needed to keep data used to validate identification, such as a driver’s licence or passport, for a decade.
But the federal opposition has criticised the government for not implementing reforms to online privacy recommended in a previous coalition government review.
‘It should not have taken the cyber attack on Optus to wake up this government,’ opposition communications spokeswoman Sarah Henderson said.
Foreign Minister Penny Wong wrote to Optus chief executive Kelly Bayer Rosmarin to say there is ‘no justification’ for taxpayers to pay for the replacement of personal documents leaked
Advertisement
Read more:
