This article is from the source 'guardian' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at https://www.theguardian.com/business/2022/oct/17/optus-tells-customers-affected-by-data-breach-they-can-no-longer-use-passports-as-online-id
The article has changed 3 times. There is an RSS feed of changes available.
| Version 0 | Version 1 |
|---|---|
| Optus tells customers affected by data breach they can no longer use passports as online ID | Optus tells customers affected by data breach they can no longer use passports as online ID |
| (3 months later) | |
| Exposed passport numbers blocked from being used in national Document Verification System | Exposed passport numbers blocked from being used in national Document Verification System |
| Optus customers told they would not need a new passport after their documents were compromised in the recent data breach have now been notified that they can no longer use this document for online identification. | Optus customers told they would not need a new passport after their documents were compromised in the recent data breach have now been notified that they can no longer use this document for online identification. |
| Daniel Reeders, whose passport was one of more than 100,000 exposed in the Optus hack, had been told that all was well and he did not need to start the process to receive a new passport. | Daniel Reeders, whose passport was one of more than 100,000 exposed in the Optus hack, had been told that all was well and he did not need to start the process to receive a new passport. |
| However, late Friday he was informed he would no longer be able to use his passport online as identification. | However, late Friday he was informed he would no longer be able to use his passport online as identification. |
| The Sydney health promotion practitioner does not drive, so his passport was his main identification document. But Optus asked the federal government to block exposed passport numbers from being used in the national Document Verification System. | The Sydney health promotion practitioner does not drive, so his passport was his main identification document. But Optus asked the federal government to block exposed passport numbers from being used in the national Document Verification System. |
| The DVS was used for government departments, granting access to health and welfare payments, and for banks and other institutions. | The DVS was used for government departments, granting access to health and welfare payments, and for banks and other institutions. |
| “I was so angry that Optus took that action without consulting the people affected,” Reeders said. | “I was so angry that Optus took that action without consulting the people affected,” Reeders said. |
| “If they’d asked me, I probably would have taken the chance with someone using it … I wouldn’t have cut off my only identification.” | “If they’d asked me, I probably would have taken the chance with someone using it … I wouldn’t have cut off my only identification.” |
| More than three weeks after Optus revealed a massive cyber-attack had put about 10 million customers at risk, the ramifications have continued to ripple. | More than three weeks after Optus revealed a massive cyber-attack had put about 10 million customers at risk, the ramifications have continued to ripple. |
| My passport number was included in the #OptusHack. Without asking me, @Optus has blocked me from using my passport to verify my identity.I don't drive; my passport is my primary identification document. I am not happy, Jan. pic.twitter.com/ELWXd21Bzk | My passport number was included in the #OptusHack. Without asking me, @Optus has blocked me from using my passport to verify my identity.I don't drive; my passport is my primary identification document. I am not happy, Jan. pic.twitter.com/ELWXd21Bzk |
| Optus said valid passports would be blocked from the DVS for three years past their expiry. There were “specific circumstances” where customers would be reimbursed to replace their passports, but that process was yet to be formalised. | Optus said valid passports would be blocked from the DVS for three years past their expiry. There were “specific circumstances” where customers would be reimbursed to replace their passports, but that process was yet to be formalised. |
| Sign up for our free morning newsletter and afternoon email to get your daily news roundup | Sign up for our free morning newsletter and afternoon email to get your daily news roundup |
| Sign up for our free morning newsletter and afternoon email to get your daily news roundup | Sign up for our free morning newsletter and afternoon email to get your daily news roundup |
| The Australian Passport Office said the move would “safeguard customers’ personal identity information online”. | The Australian Passport Office said the move would “safeguard customers’ personal identity information online”. |
| “Once a customer’s Australian passport has been blocked through the DVS, they can still take their passport physically with them to an institution or establishment as proof of identity,” it said. | “Once a customer’s Australian passport has been blocked through the DVS, they can still take their passport physically with them to an institution or establishment as proof of identity,” it said. |
| The alleged hacker took names, birth dates, phone numbers, addresses, passport, healthcare and driver licence details. | The alleged hacker took names, birth dates, phone numbers, addresses, passport, healthcare and driver licence details. |
| In the confusion and panic after the attack, people queued to replace their compromised documents, and the government has now ramped up its efforts to tighten up privacy laws. | In the confusion and panic after the attack, people queued to replace their compromised documents, and the government has now ramped up its efforts to tighten up privacy laws. |
| The prime minister, Anthony Albanese, said Optus should pick up the tab for new passports, and Optus has said it would pay for replacements. | The prime minister, Anthony Albanese, said Optus should pick up the tab for new passports, and Optus has said it would pay for replacements. |
| On Friday, the Optus chief executive, Kelly Bayer Rosmarin, said the right safeguards had been put in place so that “no customer who had a passport number exposed” needed to get a new passport. | On Friday, the Optus chief executive, Kelly Bayer Rosmarin, said the right safeguards had been put in place so that “no customer who had a passport number exposed” needed to get a new passport. |
| Sign up to Guardian Australia's Morning Mail | Sign up to Guardian Australia's Morning Mail |
| Our Australian morning briefing email breaks down the key national and international stories of the day and why they matter | Our Australian morning briefing email breaks down the key national and international stories of the day and why they matter |
| after newsletter promotion | |
| But their existing passports would now no longer be accepted online for crucial administrative tasks. | But their existing passports would now no longer be accepted online for crucial administrative tasks. |
| The Department of Home Affairs created a register so that “compromised identities” would not be used fraudulently. It does that by stopping them being verified through the DVS. | The Department of Home Affairs created a register so that “compromised identities” would not be used fraudulently. It does that by stopping them being verified through the DVS. |
| “However, this means rightful owners will not be able to use them online,” the department said in a statement. | “However, this means rightful owners will not be able to use them online,” the department said in a statement. |
| “New credentials issued following the data breach will work as normal. | “New credentials issued following the data breach will work as normal. |
| “In the interim, impacted individuals should consider using alternative credentials or speak to service providers that ask for identification for other options, such as visiting the service in person to present the credential.” | “In the interim, impacted individuals should consider using alternative credentials or speak to service providers that ask for identification for other options, such as visiting the service in person to present the credential.” |
| Reeders has now switched telcos, and accused Optus of “bad faith”. | Reeders has now switched telcos, and accused Optus of “bad faith”. |
| “It was sneaky dropping that in my inbox at 4pm on a Friday,” he said. | “It was sneaky dropping that in my inbox at 4pm on a Friday,” he said. |
| “[They were] taking out the trash.” | “[They were] taking out the trash.” |
| Guardian Australia has contacted the home affairs department for comment. | Guardian Australia has contacted the home affairs department for comment. |