Government ‘throwing everything’ at Optus breach as FBI joins the fray
All the government’s resources are being thrown at helping protect Australians who had their details stolen in the Optus data breach, says Health Minister Mark Butler.
Photo: AAP
Butler said it was “deeply unfortunate” the government was only notified Medicare details were included in the breach in the last 24 hours.
“All the resources of government are going to protecting consumers in the face of this extraordinary breach of their personal data,” he told ABC radio.
The government is being urged by the coalition to waive the fees for new passports needing to be issued following the breach.
In a joint statement, opposition foreign affairs spokesman Simon Birmingham and opposition cyber security spokesman James Paterson said it “wasn’t good enough” affected customers had to foot the bill for the telco’s mistake.
“Victims of the Optus cyber hack should not have to wait or pay significant amounts of fees to secure their personal information, and obtain a new passport,” the statement reads.
Assistant Treasurer Stephen Jones said passports had multiple layers of security and were still safe to use.
“Any costs associated with replacing documents, frankly … it shouldn’t be the commonwealth government or any other government that is bearing the cost of what is at its heart … a stuff up by Optus,” he told Sky News.
Meanwhile, the FBI is joining the Australian Federal Police in probing the alarming incident.
Attorney-General Mark Dreyfus revealed the international cooperation as the group behind the breach scrapped its ransom demand and claimed to have deleted the 11 million customers’ records it scraped from the telco’s website.
The attempt to force Optus to pay $US1 million ($A1.54 million) by Friday was dropped hours after the group released a batch of 10,000 Australian customers’ sensitive details on a data breach forum on the clear web.
The illegally obtained information includes passport, Medicare and driver’s licence numbers, dates of birth, home addresses and information about whether a person is renting or living with parents.
Several state governments have struck agreements with Optus to protect customers whose driver’s licences were compromised.
In Victoria and NSW, people can get replacement cards and Optus will cover the costs.
Affected customers in Queensland and South Australia can organise replacement licences free of charge, while the ACT and other jurisdictions are still working through the issue.
The hackers said they would have alerted Optus to its vulnerability if the telco had a secure method to contact or a bug bounty.
Mr Dreyfus told parliament a whole-of-government response had been launched, with the AFP not only working with government and industry but also the FBI.
The attorney-general also expressed concern Optus did not report the exposure of Medicare numbers in the breach.
Opposition defence spokesman Andrew Hastie described the government’s response to the hack as “lacklustre and slow”.
They said the Department of Foreign Affairs was advising on its website that “if you choose to replace your passport you’ll have to pay” as the department was not responsible for the data breach.
Optus says it has sent email or SMS messages to customers whose details were compromised and apologised for the concern it has caused.
But it insists payment details and account passwords were not compromised as a result of the attack.
The privacy commissioner has urged Optus customers to be vigilant and not click on any links in text messages.