Government Services minister Bill Shorten has levelled a fresh broadside at embattled Singaporean-owned telecommunications company Optus, demanding the carrier immediately hand over details of customers whose Medicare numbers were compromised as part of a massive data breach.
In a joint statement issued with minister for home affairs and cybersecurity Clare O’Neil, Shorten said Optus was yet to hand over details to the government of customers whose exposed details are at risk, a move that paves the way for direct government intervention to extract details of the hack.
“Services Australia wrote to Optus on September 27 asking for the full details of all affected customers with Services Australia credentials exposed, such as Medicare cards and/or Centrelink Concession Cards,” the joint statement issued Sunday said.
“Services Australia will use that information to place additional security measures on affected customer records, as required. It will also use the information to prevent future fraud.
To date, there have been no impacted customer details provided by Optus in relation to this request.”
The accusation that Optus is yet to furnish the government with data sets of affected customers five days after the agency demanded the names of customers strongly indicates that Canberra intends to the company over the compromise of federally issued credentials to force it to pay reissuance costs.
Optus has already bucked to demands to cough up for the costs of reissued passports and some driver’s licences as government agencies attempt to prosecute the equivalent of a ‘polluter pays’ principle to sheet back costs for breaches to industry.
While consumer class actions over the Optus breach have already been flagged, banks, telcos and other regulated industries have, for years, been required to harvest personal identifiers as part of strict Know Your Customer regulations which require them to furnish proof of 100 Point ID checks.
The key anti-money laundering, AUSTRAC, which recently extracted billions in fines from banks for suspicious-transaction-compliance failures requiring customer identification has been effectively silent during the Optus debacle.
Shorten and Clare, not so much.
“We all carry a Medicare card around in our wallet, so it is no surprise that Australians are deeply concerned about what has happened here,” Shorten said.
“Services Australia has been working around the clock to help protect customers, but we need Optus to help us help Australians.
“This was a breach that should never have happened.
Cyber minister Clare O’Neil was equally damning of Optus.
“Optus needs to communicate clearly to the Australian Government, and to their customers, about exactly what information has been taken regarding specific individuals,” O’Neil said.
“This will enable us to make sure that those 10 million Australians who have had some of their personal information stolen are not at risk of some type of financial crime or online fraud.”
It is still unclear what effect rolling over or changing Medicare numbers will have on the operations of primary health providers or the Easyclaim system, which provides real-time Medicare benefit refunds for practitioners who do not bulk bill.
:
Any feedback or news tips? Here’s where to contact the relevant team.