Singtel's Optus to pay for new Australian passports for those affected by giant data hack

Some Australian state governments have said they will replace the driving licences of compromised Optus customers. PHOTO: REUTERS

SYDNEY - Singtel's Optus will pay to replace passports of Australians caught up in a major cyber attack that saw the telco lose the personal information of millions of current and former customers.

Prime Minister Anthony Albanese confirmed that Optus would cough up after demands from the federal government.

"Optus has responded to the request that I made both in Parliament and that Senator (Penny) Wong made in writing to Optus... they will cover the costs of replacing affected customers' passports," he told reporters after a national Cabinet meeting.

Some Australian state governments have said they will replace the driving licences of compromised Optus customers.

It is believed that up to 9.8 million Australians had their personal data compromised in the breach, but only three million or so had identity documents like passports or driving licences exposed, and 37,000 their Medicare cards.

Of those documents, passports are the most expensive, with a replacement costing A$193 (S$180).

The Sydney Morning Herald estimated that it could cost Optus up to A$661 million to replace all the three documents for those affected. Bloomberg News reported on Thursday that the cost to Singtel of the Optus data breach - including compensation and legal bills - could amount to more than US$400 million (S$573 million). 

Also on Friday, the Australian authorities said they have commenced an operation to protect the personal information of 10,000 people whose data may have been shared online after a cyber attack on Optus.

The efforts come three days after an unidentified person posted online that he had released personal details of 10,000 Optus customers and would keep doing so daily until he received US$1 million. The post was retracted within hours.

Assistant Commissioner Justine Gough of the Australian Federal Police's cyber command said the agency was working to identify and protect the same number of people whose "details have been unlawfully released".

The targeted operation, which is in addition to a global operation to track down the hacker, is the most public acknowledgment to date by police about the threat to customers, although Ms Gough declined to comment specifically on the ransom post.

"We are concerned that those 10,000 people may have had their 100-point identification compromised," Ms Gough told reporters.

Under Australian law, official documents are assigned point scores that can be used for identity verification purposes to clear sensitive transactions, which typically demand at least 100 identification points.

Passport numbers are worth 70 points, while driving licence numbers are worth 40 points, Optus has said.

Ms Gough said police were running data analysis to identify the 10,000 customers, monitoring the Internet for signs of criminals trying to sell the data, and putting banks on high alert for suspicious transactions.

She added that the authorities around the world, including the United States' Federal Bureau of Investigation, were pursuing multiple leads. REUTERS

Join ST's Telegram channel and get the latest breaking news delivered to you.