The company has confirmed that thousands of Medicare ID numbers have been exposed as a result of the Optus data breach.
The company said it has identified 14,900 valid card numbers that have been exposed.
“All customers with an unexpired Medicare card will be contacted within 24 hours,” Optus said.
Thousands of Medicare ID numbers have been exposed as a result of the Optus data breach. (AFP)
A further 22,000 expired card numbers have also been exposed. The company said it will be contacting these customers directly “out of an abundance of caution.”
Optus said it is in contact with Services Australia following the data breach.
“Make sure people can’t access your Medicare details with just your Medicare number,” Optus said.
“If you are concerned or have been affected, you can replace your Medicare card as advised by Services Australia.”
Today, the federal government said it is considering issuing new Medicare cards to the millions of Australians who had their private data leaked as part of the data breach.
Government could reissue millions of Medicare cards after Optus data breach. (AP)
Health Minister Mark Butler told the ABC today that the government was only alerted that Medicare numbers were part of the massive leak when the alleged culprit, who later stopped his extortion bid , posted 10,000 new personal records online yesterday.
“We are very concerned about the data loss and are working hard to deal with the fallout, but we are particularly concerned that we were not notified earlier and that consumers were not notified earlier about the Medicare data breach.” he said.
Butler said the government was also considering fast-track passport replacements.
‘I don’t trust criminals’
Meanwhile, a cyber security expert has warned that a promise by the apparent hacker that all stolen data had been destroyed should not be trusted.
In a strange sequence of events yesterday, an anonymous online poster claimed responsibility for the data breach that saw the information of nearly 10 million Australians compromised.
The poster said they had released the personal details of the first 10,200 people and would continue to do so until their ransom demand was met.
Optus could have done more to prevent a data breach, an expert has said. (AP)
They also claimed to have destroyed the only copies of stolen personal information, which included driver’s license, passport and Medicare numbers.
But CyberCX’s Alastair MacGibbon said he was skeptical of sincerity.
“I don’t believe it. I don’t trust criminals,” he told Today.
“That means that data is still out there. It can’t be put back into that bottle.”
The follow-up post from an anonymous account claiming responsibility for the Optus hack, in which it apologizes for the attack. (Supplied)
The identity of the hacker or hackers has not been confirmed, but MacGibbon said the consensus within the cyber security community was that it was not a “sophisticated” attack that led to the Optus breach.
He said that put the onus on Optus.
“The size of this data breach, with up to 10 million Australians affected, is unprecedented here in this country,” he said.
“So of course more could have been done.”
Optus customers are advised to take a number of steps to protect their online identity. (Graphic: Channing Young)
But he warned that improving cyber security could be a complex issue.
“It’s not just about privacy laws. It’s also about how you set up your technology,” he said.
“A lot of what we do is about risk management. It’s not binary, safe or unsafe.”
He said people couldn’t expect data protection to be bulletproof.
The scammer’s plot was undone by several glaring errors in the text message
“If it was negligent, Optus will pay the price,” MacGibbon said.
“But even the best defenses can be overwhelmed from time to time, especially by nation states and sometimes by sophisticated criminals.
“The unfortunate thing about this week is that, by all accounts, it was not a sophisticated breach.”