Australians caught up in a massive breach of Optus data will be able to change their driver’s licence numbers and get new cards, with the telco expected to bear the multi-million cost of changeover.
The NSW, Victorian, Queensland and South Australia governments on Tuesday evening began clearing the bureaucratic hurdles for anyone who can prove they are victims of the hack, which has affected millions of people.
“People are understandably stressed and need a pathway forward,” NSW Customer Service Minister Victor Dominello said on Twitter.
NSW will charge a $29 replacement fee, which it said will be reimbursed by Optus.
Victorians will also get “free” licence number replacements and the chance to flag their licence record in case of future fraud.
“We will request Optus repays the cost of the new licences to the Victorian government,” a spokesperson for the state’s Transport department said.
Similar arrangements are being made in other states and territories and the cost to Optus could run into the tens of millions of dollars.
Meanwhile, the group claiming to be behind the breach has dropped a ransom demand and says it has deleted the 11 million customer records it scraped from the telco’s website.
The attempt to force Optus to pay $US1 million ($A1.54 million) by Friday was dropped hours after the group released 10,000 records containing sensitive customer details on a data breach forum on the clear web.
The illegally obtained information included passport, Medicare and driver’s licence numbers, dates of birth, home addresses and information about whether a person is renting or living with parents.
“Too many eyes. We will not sale (sic) data to anyone. We cant if we even want to: personally deleted data from drive (Only copy),” the group said on Tuesday.
The batch released on Tuesday was still online as of 4.30pm AEST.
Meanwhile in Canberra, Attorney-General Mark Dreyfus told parliament the breach “should never have happened” and the US FBI was assisting Australian authorities in investigating the hack.
Home Affairs Minister Clare O’Neil said she was “incredibly concerned” Medicare numbers were picked up in the data breach and were being offered for free and for ransom.
“Medicare numbers were never advised to form part of compromised information from the breach,” she said.
“Consumers have a right to know exactly what individual personal information has been compromised in Optus’ communications to them.”
Opposition defence spokesman Andrew Hastie described the government’s response to the hack as “lacklustre and slow”.
“The government isn’t responsible for Optus and their data breach, but they’re sure as hell responsible for coordinating a response,” he said.
Opposition foreign affairs spokesman Simon Birmingham and cyber security spokesman James Patterson called on the government to waive fees and expedite the processing of new passports for Optus customers.
They said in a statement it was “not good enough” for the Department of Foreign Affairs to advise on its website that “if you choose to replace your passport you’ll have to pay” as the department was not responsible for the data breach.
Two people who were exposed in Tuesday’s release of Optus data, and who asked to remain anonymous, expressed frustration that some personal information, unlike bank details, couldn’t be easily changed.
“No one can put a price on privacy but Optus has certainly lost mine,” a Melbourne man told AAP.
Optus has said it was the victim of a sophisticated attack – a claim dismissed by Ms O’Neil.
Optus said it will offer “the most affected” customers the chance to take up a one-year subscription to credit monitoring service Equifax Protect at no cost.