Get all your news in one place.
100’s of premium titles.
One app.
Start reading
AAP
AAP
Business
Paul Osborne and Tess Ikonomou

Banks, regulators to stem Optus fallout

Australia's banks and financial regulators have met to discuss how they can help protect the almost 10 million customers whose sensitive details were stolen in the Optus data breach.

Treasurer Jim Chalmers said the government had been "working around the clock" and on Monday he had brought together Treasury, the banks and regulators to address privacy and data retention concerns.

"We'll do our best to resolve these issues as soon as we can as part of a suite of broader efforts," he said.

"We want to ... make sure that if there's more that can be done by financial institutions to monitor risks and protect consumers, then that should be done."

Opposition Leader Peter Dutton said affected customers shouldn't be out of pocket, and called for the government to waive fees, or pay for them and seek to be reimbursed from Optus.

Mr Dutton said the coalition was open to legislation that would impose fines on telcos for similar breaches in the future.

Health Minister Mark Butler said it was "deeply unfortunate" the government was only notified Medicare details were included in the breach in the last 24 hours.

The government is being urged by the coalition to waive the fees for new passports needing to be issued following the breach.

In a joint statement, opposition cyber security spokesman James Paterson and opposition health spokeswoman Anne Ruston said Mr Butler should provide advice on "what direction he has provided his department to actively protect the confidential personal Medicare numbers".

Assistant Treasurer Stephen Jones said passports had multiple layers of security and were still safe to use.

"Any costs associated with replacing documents, frankly ... it shouldn't be the commonwealth government or any other government that is bearing the cost of what is at its heart ... a stuff up by Optus," he told Sky News.

Meanwhile, the FBI is joining the Australian Federal Police in probing the alarming incident.

Attorney-General Mark Dreyfus revealed the international cooperation as the group behind the breach scrapped its ransom demand and claimed to have deleted the 11 million customers' records it scraped from the telco's website.

The attempt to force Optus to pay $US1 million ($A1.54m) by Friday was dropped hours after the group released a batch of 10,000 Australian customers' sensitive details on a data breach forum on the clear web.

The illegally obtained information includes passport, Medicare and driver's licence numbers, dates of birth, home addresses and information about whether a person is renting or living with parents.

Several state governments have struck agreements with Optus to protect customers whose driver's licences were compromised.

In Victoria and NSW, people can get replacement cards and Optus will cover the costs.

Affected customers in Queensland and South Australia can organise replacement licences free of charge, while the ACT and other jurisdictions are still working through the issue.

The hackers said they would have alerted Optus to its vulnerability if the telco had a secure method to contact or a bug bounty.

Optus says it has sent emails or SMS messages to customers whose details were compromised and apologised for the concern it has caused.

But it insists payment details and account passwords were not compromised.

The privacy commissioner has urged Optus customers to be vigilant and not click on any links in text messages.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.