Optus data breach: New Medicare numbers, free driver’s licence for impacted customers

By William On Sep 28, 2022

The millions of Aussies affected by the Optus hack could be given new Medicare numbers if the federal government takes action to help those embroiled in one of the worst technical breaches to hit Australia in recent years.

Optus advised that the data of up to 10 million customers could have been compromised by the massive data hack.

Among the stolen records were driver’s license numbers, as well as passport information, Medicare numbers, dates of birth, and home addresses.

Health Secretary Mark Butler claimed it took Optus days to inform the government that some Medicare numbers had likely been compromised.

“It is very unfortunate that we have only been made aware of the fact that Medicare data has been included in that data breach within the past 24 hours,” Mr Butler told ABC Radio National Breakfast on Wednesday morning.

“Right now, all government resources are going to protect consumers in the face of this extraordinary breach of their personal data.”

Government considers issuing new Medicare numbers to millions of Optus customers

The government is looking to provide new Medicare numbers for everyone affected.

Australians typically keep the same Medicare number throughout their lives.

The Medicare movement comes as states and territories are offering Optus customers the option to replace their driver’s licenses for free, and pressure continues to mount on the State Department (DFAT) to issue new passports to those affected as a first priority. .

If you’re one of the millions of Optus customers concerned about your driver’s license being compromised by the data breach, you may be eligible for a free replacement license

“Victims of the Optus cyberhack should not have to wait or pay significant amounts of money to secure their personal information and get a new passport,” Liberal Senator James Paterson said in a statement.

DFAT said people should make their own choice as to whether or not they want a new passport, to reassure those affected that fraudsters cannot get a passport with your identity.

A statement on DFAT’s website said there are “robust controls in place to protect your passport from identity takeover, including advanced facial recognition technology.”

‘She [hackers] would need your real passport, not just your passport details.’

Optus said in a statement that all customers whose identification document numbers have been compromised have been contacted.

This includes anyone whose license or passport numbers were leaked as a result of the cyber attack.

Data stolen during the hack included driver’s license numbers, as well as passport details, Medicare numbers, dates of birth and home addresses

Optus said it also worked by contacting anyone who had other details, such as their email address.

The telco confirmed that no payment details or account passwords were compromised as a result of the hack.

However, if you are one of the customers across Australia whose license details have been compromised, some states have announced free replacement driver’s licenses.

Below is what is currently implemented in each state and territory across Australia:

NSW

Anyone with a NSW driver’s license can apply for a new driver’s license online through Service NSW.

Customer Service Minister Victor Dominello said Optus will be contacting customers “in the coming days” to tell them whether or not to request a replacement driver’s license.

‘People in NSW with a digital driving license immediately receive a provisional card number via the Service NSW app. A new plastic license card will be issued within 10 working days,” said Dominello.

2. I can confirm that Optus will be contacting customers in the coming days to confirm whether or not they should request a replacement driver’s license.
— Victor Dominello MP (@VictorDominello) September 27, 2022

The $29 replacement fee charged by Service NSW is expected to be refunded by Optus, with an official statement expected in the coming days.

At the moment it is not clear whether or not the new driving license means a new driving license number or just a new card number.

Victoria

Drivers in Victoria are encouraged to report their license violation to the Department of Transport to prevent unauthorized changes by potential hackers.

The department has asked Optus to reimburse the Victorian government for the cost of new licenses.

If you are concerned about your license information and have been notified by Optus that your data has been breached, please contact VicRoads to have your record flagged and request a replacement license.

“By marking records, VicRoads prevents unauthorized changes or access to individual information through the Victorian license database. Records will also be flagged in the national database,” the Victorian government said in an online statement.

‘We urge you to use the web form to register your details. You don’t have to be on hold and the form is quick and easy to fill out.’

Anyone who has been contacted by Optus and has a Victorian driver’s license can fill out the form here.

Queensland

In Queensland, a new driver’s license and driver’s license number has been confirmed for anyone informed by Optus that their ID information has been compromised, at no cost.

“If you are affected by the Optus data breach, Transport and Main Roads Queensland will provide you with a replacement driver’s license with a new license number free of charge,” Annastacia Palaszczuk said in a statement.

If you are affected by the Optus data breach, @TMRQld you will receive a replacement driver’s license with a new driver’s license number free of charge.
— Annastacia Palaszczuk (@AnnastaciaMP) September 27, 2022

A dedicated hotline (07 3097 3108) has also been set up for those who need additional information or urgent assistance.

South Australia

If you’re in South Australia, a replacement driver’s license is also free.

Service SA advised anyone looking for a replacement card to go to one of its centers with documentation proof from Optus that they had been affected by the hack.

“The South Australian state government will waive the usual replacement fee for South Australians who need a new driver’s license as a result of the recent Optus data breach,” Prime Minister Peter Malinauskas said in a statement.

The South Australian state government is waiving the usual replacement fee for South Australians requiring a new driver’s license as a result of Optus’ recent data breach.
— Peter Malinauskas (@PMalinauskasMP) September 27, 2022

“Once your driver’s license number is changed, a new driver’s license card will be produced and posted to you,” Service SA said in a statement on its website.

“Your new license is immediately available digitally via your mySAGOV account and on the mySAGOV app.”

Anyone who has already paid for a replacement card can get the full amount back in person at a Service SA office.

TO TRADE

The ACT government said it is working to issue replacement driver’s licenses to anyone who has compromised both their driver’s license and card number.

There is currently no information on whether they will be replaced for free or for a fee.

“All customers who do so will be contacted by Access Canberra once the next steps have been determined,” said a statement from the ACT government.

Currently, the fee for a replacement card is $42.60, with the ACT government currently saying that each new card will only have a replacement card license number, not a new license number.

Western Australia, Northern Territory and Tasmania

At this stage, there is no message from these states or territories about what Optus customers can do regarding driver’s licenses.

What Optus has said about the breach:

How did this happen?

Optus fell victim to a cyber attack. We took immediate action to block the attack that targeted Optus customer data only. Optus’ systems and services, including mobile and home internet, are unaffected and messages and voice calls are unaffected. Optus services will continue to be safe to use and operate as usual.

Has the attack stopped?

Yes. Upon discovering this, Optus immediately stopped the attack.

We are now working with the Australian Cyber Security Center to mitigate any potential risk to customers. We have also notified the Australian Federal Police, the Office of the Australian Information Commissioner and key regulators.

Why did we go to the media first instead of our customers?

The security of our customers and their data is our top priority. We did this because it was the fastest and most effective way to alert as many current and former customers as possible so they could be vigilant and monitor suspicious activity. We are now in the process of contacting customers directly affected.

What information about me may have been made public?

The information that may have been released includes customer names, dates of birth, telephone numbers, email addresses and, for a subset of customers, addresses, ID document numbers such as driver’s license or passport numbers. Affected customers will be notified directly of the specific information that has been compromised.

Optus services, including mobile and home internet, are not affected. Messages, voice calls, billing and payment information, and account passwords have not been compromised.

What should I do to protect myself if I suspect I have been the victim of fraudulent activity?

We are not currently aware of any customers who have suffered damage, but we encourage you to raise awareness of your account, including:

Watch out for suspicious or unexpected activity on your online accounts, including your bank accounts. Immediately report any fraudulent activity to the related provider.

Watch out for contact from scammers who may have your personal information. This could be suspicious emails, texts, phone calls or social media posts.

Never click on links that look suspicious and never give out your passwords or personal or financial information.

How do I contact Optus if I think my account has been hacked?

If you believe your account has been compromised, you can contact us via the My Optus app – which remains the safest way to contact Optus, or call us on 133 937 for consumer customers. Due to the impact of the cyber attack, waiting times may be longer than usual.

If you are a business customer, please contact us at 133 343 or your account manager.

How do I know if I have been affected?

We are in the process of contacting customers directly affected.