cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Medicare numbers leaked following major Optus data breach

Minister for Cyber Security Clare O'Neil has expressed serious concern over Medicare numbers being part of the compromised information from the Optus data breach.

user iconReporter
Tue, 27 Sep 2022
Medicare numbers leaked following major Optus data breach
expand image

In a Twitter post, Minister O'Neil has revealed that she was "never advised" about Medicare details being part of the sensitive data stolen from the Optus breach.

"Consumers have a right to know exactly what individual personal information has been compromised in Optus' communications to them.

"Medicare numbers were never advised to form part of compromised information from the breach.


"I am incredibly concerned this morning about reports that personal information from the Optus data breach, including Medicare numbers, are now being offered for free and for ransom," Minister O'Neil wrote.

Optus disclosing that it had been hit by a cyber attack through news channels was the "quickest and most effective way" to alert customers and communicate the severity of the situation, with the telco noting that the move was the best way to "get information out there".

Impacted customers have been contacted about the breach and Optus has confirmed it is prioritising those whose identification documents may have been compromised. According to the telco, these customers were notified by Saturday, while those who aren’t affected will be last on the list to be contacted.

The Australian Federal Police (AFP) is also looking into reports that stolen customer data and identification numbers could be for sale through a number of forums, including the dark web.

While no passwords or financial details were compromised in the attack, according to Reuters, some 9.8 million customers were impacted but human error was not to blame for the breach.

Optus has apologised for the breach, and has confirmed it began contacting millions of customers on Friday, 23 September.

Impacted Optus customers impacted at risk of credit fraud

In an interview with Sky News AM Agenda, Trevor Long, a tech expert at EFTM, explained that information could allow those in possession of it to take out credit on behalf of other people.

"I looked at the data and it looks as legit as the first 100 samples he left but I think it’s even more disturbing because we’re now seeing Medicare card numbers in this latest data.

"I found 3,500 driver’s license numbers, 260 odd passport numbers and around 55 Medicare numbers so we're talking about date of birth, address, phone numbers.

"This is hardcore information in terms of your identity," Long said.

Long has warned the telco against paying the ransom because there was "no guarantee" the hackers would delete the data.

"With that information they have, the 100 points of identification to take out credit which will affect your credit rating in the future" Long explained.

Optus could be forced to pay up to $1 billion to Australians affected by the breach, according to Long, as they look to replace their personal documents and forms of identification.

"It will come at a cost and these are the things that Optus is going to have to bear the cost of replacing driver’s license numbers, the cost of identity protection to people is going to be in the billions for Optus, I estimate," Long said.

AFP monitoring dark web for leaked Optus data

According to the Australian Federal Police (AFP), it is now monitoring the dark web and internet forums after reports Optus customers' personal information may be sold online.

Minister O'Neil has made a note that it is very worrying that the Optus customer information is being offered for free and ransom.

"Reports today make this a priority," Minister O'Neil added.

According to Optus, it had been advised by police not to give a number for how many customers have been affected, and that it had contacted all those whose information was compromised in the attack.

Optus customers dating back to 2017 could be at risk of identity theft.

[Related: NATO to further support Albania after cyber attacks]

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.