Virgin Mobile and Gomo customers’ information leaked in Optus data hack

Two more Australian telcos owned by Optus have warned customers that their data may have been exposed in the recent security breach.

The personal information of current and former Virgin Mobile and Gomo customers was leaked last week, along with 10 million Optus customers in Australia, in the largest cyber attack ever.

Optus reported that people’s names, addresses, emails and dates of birth were revealed, along with 2.8 million passport, license and Medicare numbers.

It was initially thought that the data breach only affected direct Optus customers, but recent emails were seen by Guardian Australia show that the company’s subsidiaries are also at risk.

The network also sells mobile network services to Amaysim, Dodo, Circles.Life and iiNet.

Optus has announced it will compensate customers in need of a license replacement, but has so far ignored calls from the federal government to replace passports.

Daily Mail Australia has contacted Optus for comment.

Optus also sells its mobile network services to Amaysim, Dodo, Circles.Life and iiNet

Optus completely bought the last share of Virgin Mobile Australia in 2006, giving it full ownership.

Operated by Optus, Gomo was launched in 2020 and has customers in Singapore, the Philippines, Indonesia and Thailand.

The Australian Information Commissioner’s office has announced it is investigating Optus’ compliance with data breach requirements.

“All organizations should assess the risk a data breach poses to endangering their own customers’ data and ensure additional safeguards are in place,” Commissioner Angelene Falk said on Thursday.

The commissioner also expressed concern that companies hold personal information – such as driver’s license, passport and Medicare data – that they do not need.

“They must take reasonable steps to destroy or de-identify the personal information they hold,” she said.

‘Collecting and storing unnecessary information violates privacy and creates risks.’

The Optus scandal had also highlighted the need to ‘turn the switch’ and make organizations ultimately responsible for protecting their customers.

Federal Financial Services Minister Stephen Jones stressed that Optus has a responsibility to the nearly 40 percent of Australians affected by the breach.

The government expressed its shock earlier this week that Medicare data was part of the theft, though cardholders are being told their health data cannot be accessed with their customer number.

The data breach has resulted in nearly all states and territories allowing affected residents to apply for new driver’s license numbers for free, with any fees expected to eventually be paid by the telco.

Prime Minister Anthony Albanese has demanded Optus pay the cost of replacement passports, saying the hack was the telco’s fault.

“Businesses here need to be held accountable, and that’s something my government is determined to do,” he said on Thursday.

Secretary of State Penny Wong wrote to Optus CEO Kelly Bayer Rosmarin on Wednesday that there was “no justification” for taxpayers to pay the passport bill. Optus has not yet responded.

Meanwhile, reforms to Australia’s privacy and data laws will be urgently implemented in the wake of the crisis.

Legislative changes could be introduced in parliament by the end of the year, Attorney General Mark Dreyfus said Thursday.

“It’s certainly not just about increasing penalties, although that will be part of the reforms we’re going to look at,” he said.

“We need to make sure that companies that hold Australians’ data pay absolute attention to keeping that data safe.”

Dreyfus said he saw no reason why telco’s data used to validate identification, such as a driver’s license or passport, should be kept for 10 years.

But the federal opposition has criticized the government for failing to implement online privacy reforms recommended in an earlier review of the coalition government.

“The cyber attack on Optus should not have been necessary to wake up this government,” said opposition communications spokesman Sarah Henderson.