Optus tells former Virgin Mobile and Gomo customers they could also be part of data breach | Optus | The Guardian
Optus tells former Virgin Mobile and Gomo customers they could also be part of data breach
Identification repair service receives a month’s worth of complaint calls in three days as government pressures telco to pay for replacement ID documents
Follow our Australia news live blog for the latest updates
Get our free news app, morning email briefing or daily news podcast
Smartphone showing an Optus logo
Optus is facing continued pressure over a data breach which resulted in millions of its customers’ personal information being exposed online. Photograph: SOPA Images/LightRocket/Getty Images
Josh Taylor
@joshgnosis
Thu 29 Sep 2022 06.32 BST
Former Virgin Mobile and Gomo customers are the latest to have been informed by Optus that their personal information was exposed in the company’s massive data breach, as an identification repair service reveals it has fielded a month’s worth of complaint calls in three days.
It has been a week since Optus first revealed up to 10 million of its customers had personal information – including names, addresses, emails and dates of birth – exposed, with 2.8 million having passport, licence or Medicare numbers also made visible.
While the breach was initially considered limited to customers who deal with Optus directly, Guardian Australia has seen emails sent from Optus to former customers of Gomo and Virgin Mobile outlining that their data was included in the breach.
Optus signage
Companies could be forced to delete customer data used to prove ID, Labor suggests
Read more
Advertisement
Both companies are wholly owned subsidiaries of Optus, with the company shuttering the Virgin brand in 2018, but it was not apparent until now whether these customers would have been caught up in the breach.
Guardian Australia has asked Optus whether customers of its other brands, are also affected. Optus also resells its mobile services to external companies such as Dodo, Circles.Life and iiNet.
Amaysim, one of those brands, said on Thursday its customers were not caught up in the data breach.
Optus customers continue to raise concerns the company is not providing substantial information, beyond the initial letter informing them of the breach. Some state transport authorities have indicated customers will need to get compensated from Optus directly for licence replacements, but the company hasn’t communicated how that will occur.
Optus is also facing pressure from the federal government to pay for passport replacements, but has not yet said what it intends to do.
Sign up to Guardian Australia's Morning Mail
Free daily newsletter
Our Australian morning briefing email breaks down the key national and international stories of the day and why they matter
Privacy Notice: Newsletters may contain info about charities, online ads, and content funded by outside parties. For more information see our Privacy Policy. We use Google reCaptcha to protect our website and the Google Privacy Policy and Terms of Service apply.
Close up of digital equipment
Optus data breach: everything we know so far about what happened
Read more
Advertisement
IDCare – an organisation that helps people who are dealing with identity theft – has received 11,500 calls from Optus customers in the past three days, which is the amount of calls the organisation would normally receive in a month.
The financial services minister, Stephen Jones, met with consumer groups, banks, and key regulators including the Australian Competition and Consumer Commission (ACCC) on Thursday morning to discuss the impacts of the breach.
Jones said customers would feel the effects of the breach for some time, and “there will be a long tail of impact of this data breach”.
“We know that fraudsters [and] scammers are already on to it, whether they’ve got the Optus data or not, they’re attempting to impersonate Optus, they’re attempting to … impersonate licence providers, they’re attempting to impersonate government and government agencies.”
He said it was Optus’s “stuff-up”, that it was up for Optus to compensate customers, not the government, and that every company in the country should be on heightened alert.
Optus has been contacted for comment.
Identification repair service receives a month’s worth of complaint calls in three days as government pressures telco to pay for replacement ID documents
Follow our Australia news live blog for the latest updates
Get our free news app, morning email briefing or daily news podcast
Smartphone showing an Optus logo
Optus is facing continued pressure over a data breach which resulted in millions of its customers’ personal information being exposed online. Photograph: SOPA Images/LightRocket/Getty Images
Josh Taylor
@joshgnosis
Thu 29 Sep 2022 06.32 BST
Former Virgin Mobile and Gomo customers are the latest to have been informed by Optus that their personal information was exposed in the company’s massive data breach, as an identification repair service reveals it has fielded a month’s worth of complaint calls in three days.
It has been a week since Optus first revealed up to 10 million of its customers had personal information – including names, addresses, emails and dates of birth – exposed, with 2.8 million having passport, licence or Medicare numbers also made visible.
While the breach was initially considered limited to customers who deal with Optus directly, Guardian Australia has seen emails sent from Optus to former customers of Gomo and Virgin Mobile outlining that their data was included in the breach.
Optus signage
Companies could be forced to delete customer data used to prove ID, Labor suggests
Read more
Advertisement
Both companies are wholly owned subsidiaries of Optus, with the company shuttering the Virgin brand in 2018, but it was not apparent until now whether these customers would have been caught up in the breach.
Guardian Australia has asked Optus whether customers of its other brands, are also affected. Optus also resells its mobile services to external companies such as Dodo, Circles.Life and iiNet.
Amaysim, one of those brands, said on Thursday its customers were not caught up in the data breach.
Optus customers continue to raise concerns the company is not providing substantial information, beyond the initial letter informing them of the breach. Some state transport authorities have indicated customers will need to get compensated from Optus directly for licence replacements, but the company hasn’t communicated how that will occur.
Optus is also facing pressure from the federal government to pay for passport replacements, but has not yet said what it intends to do.
Sign up to Guardian Australia's Morning Mail
Free daily newsletter
Our Australian morning briefing email breaks down the key national and international stories of the day and why they matter
Privacy Notice: Newsletters may contain info about charities, online ads, and content funded by outside parties. For more information see our Privacy Policy. We use Google reCaptcha to protect our website and the Google Privacy Policy and Terms of Service apply.
Close up of digital equipment
Optus data breach: everything we know so far about what happened
Read more
Advertisement
IDCare – an organisation that helps people who are dealing with identity theft – has received 11,500 calls from Optus customers in the past three days, which is the amount of calls the organisation would normally receive in a month.
The financial services minister, Stephen Jones, met with consumer groups, banks, and key regulators including the Australian Competition and Consumer Commission (ACCC) on Thursday morning to discuss the impacts of the breach.
Jones said customers would feel the effects of the breach for some time, and “there will be a long tail of impact of this data breach”.
“We know that fraudsters [and] scammers are already on to it, whether they’ve got the Optus data or not, they’re attempting to impersonate Optus, they’re attempting to … impersonate licence providers, they’re attempting to impersonate government and government agencies.”
He said it was Optus’s “stuff-up”, that it was up for Optus to compensate customers, not the government, and that every company in the country should be on heightened alert.
Optus has been contacted for comment.
