The ACT government should allow Canberrans affected by the Optus security breach to change their driver's licence number as soon as possible, the opposition says.
Access Canberra has received an influx of requests to change driver's licence numbers in the wake of Optus's data being compromised.
Attorney-General Shane Rattenbury said he is also investigating which ACT government records are at risk of being compromised after the Optus security breach that has affected 9.8 million Australians.
Cyber security researcher and writer Jeremy Kirk from ISMG Corp said the illegally obtained information includes passport and driver's licence numbers, dates of birth and home addresses.
The breach has prompted some affected people to try to change their driver's licence number.
Mr Rattenbury told ABC radio the ACT government would "obviously need to have a look at [this] as well because I know it's a question that people are raising and I will need to talk with my colleagues about what the issues are for the ACT".
The Canberra Liberals called for the ACT government to allow people to replace their driver's licence numbers, after the NSW government announced it would allow victims to do so.
Opposition regulatory services spokesman Ed Cocks said it was critical the government made this available quickly.
"Without quick action from the ACT Labor-Greens government, Canberrans are vulnerable to identity theft," he said.
"The NSW government already has a process to replace licence numbers and is actively encouraging NSW victims to do so.
"Inaction by the ACT Labor-Greens government will only make already distressed victims even more vulnerable to identity theft."
Mr Rattenbury said the ACT government has a contract with the telecommunication company, including for ministers' phones.
"We're obviously thinking very closely about what role, if any, there is for the ACT government. Predominantly it sits with Optus and many of the federal authorities at this point, but we will need to think it through as well," he said.
"Certainly for myself and I think all the other ministers, our accounts are provided through Optus, our phone service, so not directly personally for us individually, but obviously the ACT government has a range of information sitting with Optus."
He is not familiar with the details of what information is with Optus, but said ministers' personal information had not been affected.
He added the ACT government will need to get more advice from the security and emergency cabinet committee, and it will investigate how to better protect the ACT government and improve cybersecurity.
"We obviously, as the government, have a lot of people's information for the various interactions they have with ACT government. I think this will also be a source of some important lessons for our IT and security divisions," Mr Rattenbury said.
"Certainly there will be discussions about whether there are any implications for the ACT government. It is, as you say, a fast evolving situation. And I think everyone's scrambling a bit to to work out what's going on."
A person claiming to be the hacker said they will release batches of customer information every day over the next four days if Optus doesn't give into their demands for $1.5 million.
However later backtracked on the threat, saying they had deleted the data and apologised to Australians affected.
Jeremy Kirk tweeted saying Optus confirmed to him "it has not paid a ransom to the person who stole 10 million customer records".
The breach and extortion demand is being investigated by the Australian Federal Police with the newly formed Operation Hurricane.
Optus chief executive officer Kelly Bayer Rosmarin defended her company on ABC RN on Tuesday morning, saying "we are not the villains", after Home Affairs Minister Clare O'Neil critiqued the company's cybersecurity and said Australia is "a decade behind in privacy protections".
If you are concerned that your information may have been included in the recent Optus data breach, check the Optus website for information and contact Optus via the My Optus App or call 133 937.
Support is also available via IDCARE, Australia's national identity and cyber support service. You can contact IDCARE for free support on 1800 595 160 or visit idcare.org. They also have a fact sheet available here.
We've made it a whole lot easier for you to have your say. Our new comment platform requires only one log-in to access articles and to join the discussion on The Canberra Times website. Find out how to register so you can enjoy civil, friendly and engaging discussions. See our moderation policy here.
