Optus reveals at least 21 million ID numbers exposed in massive data breach Optus The Guardian

pTelco says 150000 passport and 50000 Medicare numbers have been stolen as it announces independent reviewppOptus has commissioned Deloitte to conduct an independent external review of the companys massive data breach with a focus on security systems and processes as it announced at least 150000 passport and 50000 Medicare numbers were stolenppTwelve days since the breach of the personal information of 10 million customers the Singtelowned company announced on Monday that the review put forward by CEO Kelly Bayer Rosmarin to the Singapore parent companys board was supported unanimouslyppBayer Rosmarin said Deloitte would undertake a forensic assessment of the breachppOn Monday afternoon Optus said it had identified that 21m customers had one form of ID number exposed in the breach with 900000 of those being ID numbers from expired documents This included about 150000 from passports and 50000 from Medicare cardsppThis review will help ensure we understand how it occurred and how we can prevent it from occurring again It will help inform the response to the incident for Optus This may also help others in the private and public sector where sensitive data is held and risk of cyberattack exists Bayer Rosmarin saidppI am committed to rebuilding trust with our customers and this important process will assist those effortsppSign up to receive an email with the top stories from Guardian Australia every morningppThe review would be in addition to the work Optus was undertaking with technical professionals within the federal government to understand how the breach occurred Australian Signals Directorate is also working with other telecommunications providers to ensure they do not have similar vulnerabilitiesppIn the past day Optus has sent text messages or emails to customers who had their drivers licence numbers taken in every state and territory bar Victoria and QueenslandppOptus said on Sunday that it was working to provide advice to customers in those states as soon as possibleppNSW and ACT residents have been informed that because their governments use the national document verification service they only need to replace their licence if the licence number and card number were exposedppSign up to Morning MailppOur Australian morning briefing breaks down the key stories of the day telling you whats happening and why it mattersppafter newsletter promotionppThe company has also alerted those customers who had their Medicare card numbers exposedppOn Sunday the government services minister Bill Shorten said about 36900 people had their Medicare card numbers exposed in the breach but Optus had yet to tell Services Australia which customers were exposed despite the government requesting the information last weekppI accept that Optus has got a lot on their plate at the moment but I think there should be more initiative displayed by Optus he saidppThis shouldnt be a game of WhacAMole where we work out what the problem is and then we go to the corporation and say help us stop the problemppThe home affairs minister Clare ONeil said on Sunday the company had informed 10200 customers that their records had been posted online as part of a ransom demand from an alleged attacker on a data breach forum The user later deleted the post dropped the demands and apologised for leaking the datappONeil said existing cybersecurity laws passed in the last parliament were absolutely useless when the Optus breach occurred and while the government had been able to rely on powers in the Telecommunications Act to get Optus to provide the government information she flagged the next breach might not be a telecoms companyppLooking at the powers that we have in an emergency is something thats going to have to happen she saidppONeil said the Australian federal police would provide an update on the status of the investigation into who had obtained the data and posted it online in the coming daysppGuardian Australia has sought comment from Optusp