fbpx

https://7news.com.au/technology/optus/optus-reveals-thousands-of-medicare-numbers-caught-up-in-data-breach-as-calls-mount-for-subsidised-passport-replacements-c-8392700

Another almost 37,000 pieces of information have been compromised as part of the Optus breach.

Optus has revealed that almost 37,000 Medicare numbers were compromised in the data breach last week.

The telco late on Wednesday said 14,900 valid Medicare ID numbers were involved in the breach as well as 22,000 numbers believed to have expired.

Optus said all affected customers with a compromised Medicare card that had not expired would be contacted within 24 hours.

The remainder would be contacted within the coming days out of “an abundance of caution”.

“Please be assured that people cannot access your Medicare details with just your Medicare number,” Optus said.

“If you are concerned or have been affected, you can replace your Medicare card as advised by Services Australia.

“Our call centres will not have further information to assist on this matter. We are in contact with Services Australia and we will be letting all affected customers know the guidance on the steps they can take.”

Some 9.8 million Australians’ data was compromised in the large-scale breach, first announced last Thursday.

The supposed hacking group took to a popular data breach forum to announce it would release the information unless paid a $US1 million ($A1.53m) ransom.

The group eventually backed down and apologised, but not before releasing 10,200 customers’ information into the wild.

A search of this database, released on Tuesday, revealed some Medicare numbers.

But Optus did not confirm this until Wednesday night.

The telco says it is working with the Australian Federal Police to determine how the data was breached, which limits it from commenting.

“The attack is being investigated by the Australian Federal Police, and they have advised Optus not to provide comment on certain aspects of the investigation,” a spokesperson earlier told 7NEWS.com.au.

The telco has offered the “most affected customers” a one-year subscription to credit monitoring software Equifax at no cost.

It did not elaborate on the criteria that determined which customers were considered to be most impacted.

Most state and territory governments are offering free replacements for driver’s licences while the federal government is calling on Optus to pay for replacement passports.

Consumer data advocate at CHOICE Kate Bower told 7NEWS.com.au she believed customers deserved compensation.

“There are two things to consider here – one (of) which is what does the law say on this issue? And the law says that they don’t have to offer compensation,” she said.

“But I think the other point is – what does the customer expect?”

She described the data accessed in the breach as a “goldmine for identity theft”.

“We know that a large number of people have been affected and that this is a serious breach in the type of information that’s been breached, it’s not just something that’s easily changeable like your username or your password,” Bower said.

“These are things like your passport or your driver’s licence number or your date of birth, things that are key identification factors and are just a goldmine for identity theft.

“But these are things that either you can’t change, like your date of birth, or to change them, you need to pay a cost.

“So, I think it’s completely fair that customers expect some sort of remedy from Optus and I think compensation, in this case, would be fair. And I think we need to think about penalties as well.”