For the last week here in Australia, there’s been one story dominating the headlines.
:quality(70):focal(-5x-5:5x5)/cloudfront-ap-southeast-2.images.arcpublishing.com/tvnz/ERPOQS3ZFNE4JE4T2CKETJMC3U.jpg)
Telecommunications company Optus has been caught up in one of Australia’s biggest cyberattacks, and the ramifications are significant.
The company has previously warned that up to 9.8 million customers could’ve had their data exposed in the breach in the “worst case scenario”.
Information such as names, contact details, driver’s licence and passport numbers have been exposed as part of the breach.
While the person claiming responsibility for the hack says they’ve since deleted the data, cybersecurity experts are warning the damage has already been done.
Optus has been unable to confirm how many New Zealanders who’ve purchased SIM cards from the company have had their data exposed, but if you think how many people buy one after they’ve landed at the airport, it potentially could be thousands.
1News is aware of at least 10 customers with New Zealand passports who’ve had their data shared online already, with many others receiving emails from Optus saying their data has been put at risk.
Today, we asked the officials issuing New Zealand passports who should be paying to produce new ones.
New Zealand’s Department of Internal Affairs says it’s working with Optus to understand the impact for New Zealand Passport holders but says its passport systems have not been breached.
It’s encouraging people to look into whether they’ll need to replace their passport.
DIA also says normal fees will still apply to passport renewals as New Zealand law does not enable the department to waive the cost in these circumstances.
So, we reached out to Optus to ask whether they’ll be footing the bill to replace passports.
We’re yet to receive a straight answer, unlike Australian license holders who are getting free replacements.
Frankly, it should be a no-brainer for the company.
Consumers are forced to hand over this information in exchange for a service, and part of that deal should be that the information is going to be stored securely.
It’s the digital equivalent of handing over your phone and wallet to the officers at the airport security desk and getting through the body scanner only to discover they’ve lost your items and don’t know where they’ve gone.
At a bare minimum, Optus should be offering to pay to replace passports.
If they really wanted to put things right by their customers, they’d be compensating for the time and energy it’ll take to change passwords, emails and licenses too. We all know how much of a headache that can be!
One of those affected is Brad Wolfe, who’s living in Australia on a New Zealand passport.
In an email, an Optus spokesperson said his name, date of birth, email, phone number, address, and passport number had been exposed.
The company then reassured him that “importantly, no financial information or passwords have been accessed”.
Brad told 1News that Optus should be compensating customers for time wasted updating accounts and getting new identity documents issued.
“The problem is a lot of institutions as well, they don’t actually change stuff unless identity fraud has been committed, which obviously is retroactive and doesn’t actually deal with the problem.”
He said that while it’s not up to New Zealand’s Department of Internal Affairs to offer replacement passports, he’d like to see Optus cover the cost.
“There’re all these horror stories that you hear about people that find out that somebody has taken all their information and their identity and created stuff,” he said.
“Later on, you go to apply for a mortgage or a credit card or loan and suddenly, you’re told that you’re $30,000 in debt to an institution you’ve never heard of.”
What should you do?
The New Zealand Department of Internal Affairs says it encourages people who are affected to check the advice on the IDCARE website and stay up to date with the information Optus is providing on their website.
Optus says it’s contacting customers via SMS or email if they’ve been affected and is offering them a 12-month subscription to Equifax Protect credit monitoring.
Australian law firm Slater and Gordon has also said it’s looking into possible class action against the telecommunications company on behalf of customers.
Discussion about this post