Foreign Affairs Minister Penny Wong has asked Optus to cover passport application fees for anyone caught up in last week’s massive data breach, which affected millions of Australians.
Passport numbers are among the personal details accessed in what the federal government has described as a “basic hack”.
Optus says the data breach was due to a “sophisticated” operation.
The company has agreed to cover the cost of new driver licenses for those who require them in some states and territories.
Now the foreign minister has formally asked for the telco to cover the cost of new passports, in a letter to Optus chief executive Kelly Bayer Rosmarin.
“As you will appreciate, this serious incident creates a risk that the personal information of current and former mutual customers of the Australian Passport Office and Optus will be subject to exploitation by criminals,” Senator Wong wrote.
“There is no justification for these Australians – or taxpayers more broadly on their behalf – to bear the cost of obtaining a new passport.”
A passport ordinarily costs A$193 to replace, while a new passport costs up to $308.
With millions of Australians affected by the breach, the cost for replacing passports (and other personal documents) could run into the tens or hundreds of millions of dollars.
The opposition has previously suggested the government should waive the fees. However, Prime Minister Anthony Albanese said Optus must cover the cost.
“Those opposite want taxpayers to pay for a problem caused by Optus and their own failures on cybersecurity and privacy,” he said.
“That’s not our approach. We believe that Optus should pay – not taxpayers.”
Coalition spokesperson on cybersecurity James Paterson said the government had to ensure those affected were not left to pick up the bill.
“If you’re a victim of the Optus attack and you feel you need a new passport, you shouldn’t be $200 out of pocket because you’re a victim,” he said.
“The federal government should step in and make sure you can get it quickly, and make sure it’s paid for not by the victims, but by Optus.”
Jurisdictions like New South Wales and the ACT have confirmed Optus will reimburse customers, through their Optus accounts, for the cost of replacing drivers licences.
Optus has been contacted for comment.
Medicare numbers also exposed
On Wednesday Optus said it had identified 14,900 valid Medicare ID numbers that were also exposed in the hack, along with 22,000 expired numbers.
Customers with valid Medicare numbers will be contacted within 24 hours, the company said, while those with expired numbers will be contacted over the next couple of days “out of an abundance of caution”.
“Please be assured that people cannot access your Medicare details with just your Medicare number,” an Optus statement said.
“If you are concerned or have been affected, you can replace your Medicare card as advised by Services Australia.”
The telco said its call centers would not be able to provide further information on the matter, instead referring customers to a the government’s Services Australia website for more information.