• long running

Free Replacement of Passport for Eligible Optus Data Breach Customers @ Australian Department of Foreign Affairs and Trade

3223
Free Replacement of Passport for Eligible Optus Data Breach Customers @ Australian Department of Foreign Affairs and Trade
Go to Deal
Taegukgi on 30/09/2022 - 12:57 passports.gov.au (14971 clicks)
Last edited 14/10/2022 - 19:06 by 4 other users

For those affected by the Optus data breach.

Announcement by Anthony Albanese on Facebook.

An important update for all Australians on the Optus security breach.

After actions taken by myself, Penny Wong - Senator for SA and Clare O'Neil MP, Optus has agreed to pay for replacement passports for those affected by the data breach.

From DFAT page:

If I decide to get a new passport, will I need to cover the cost?

Optus has indicated it will cover the costs of replacing affected customers’ passports. On 30 September, the Prime Minister confirmed that Optus will cover costs for affected customers wishing to receive a new passport due to the breach. The APO is working with Optus to finalise these arrangements. Optus will contact customers that are affected.

Update 14-Oct-2022

Information copied from the Optus Website regarding passport information

Do I need to replace my Passport?

For Australian passport holders, the advice from the Department of Foreign Affairs and Trade (DFAT) is that you do not need to replace your passport.

For New Zealand passport holders with concerns, contact New Zealand Internal Affairs (NZIA).

For International Passport holders, Optus is working with the Department of Home Affairs to provide advice to these customers. You will be contacted if you need to take any action.

To help you identify the numbers this article refers to, please visit our ID Document Number reference guide.

Australian Passport Holders

There are four groups of customers with Australian passport information exposed. If Optus contacts you, we will notify you of the group to which your circumstances relate.

If you remain concerned, for Australian Passport holders there are specific circumstances where we will provide reimbursement to eligible customers to replace their passport. This process will be formalised in the coming week. Please contact us then for more information.

Please read the website for more information at https://www.optus.com.au/support/cyberattack/passport-inform…

Travel Passport

Related Stores

Australian Passport Office
Australian Passport Office
Optus
Optus

Comments

    • GeneralSkunk on 30/09/2022 - 18:07

      Yeah plaintext email is used for so much sensitive information. It’d be a goldmine.

      • Nom on 30/09/2022 - 22:34
        +2

        Those days are long gone - most email is transmitted with TLS encryption these days.

        https://transparencyreport.google.com/safer-email/overview?h…

        • GeneralSkunk on 01/10/2022 - 08:00

          Those days are still with us, not long gone. It’s true a number of email providers are moving to TLS but lots don’t still. My work doesn’t I’m sure and we send heaps of commercially sensitive stuff to suppliers and so on. That page you linked to says Google are moving that way. I use Posteo, they use it where possible but it depends on the recipient email server.

          Years ago I started using public key cryptography to sign and encrypt emails but nobody else except a geeky matter of mine used it, that never really took off.

          • Nom on 01/10/2022 - 10:24

            @GeneralSkunk: Not sure why you didn't read the link I posted ?

            79% outbound and 91% inbound from Google is sent with TLS, and all the major providers like Microsoft are onboard.
            You can even check individual domains if you want to be certain about a specific provider.

            Unless you're using some obscure email service like your individual workplace, your email is probably not sent as plain text.

  • Regie69 on 30/09/2022 - 17:33
    +1

    Glad I renewed my passport 2 weeks ago. Already got the email saying it on it way .

  • Grish on 30/09/2022 - 17:34

    The problem isn't that the ID data wasn't stored encrypted, even if it was the "API" would have probably gone ahead and decrypted it for the client anyway (why else include the field in the API in the first place?).

    The problem is seemingly no physical and or logical separation between the pre-prod and prod data access (database and API service).

    Or, even worse it was a non obfuscated copy of prod data into the pre-prod database.

  • Wolfy on 30/09/2022 - 17:48
    +4

    "Optus has indicated it will cover the costs of replacing affected customers’ passports. On 30 September, the Prime Minister confirmed that Optus will cover costs for affected customers wishing to receive a new passport due to the breach. The APO is working with Optus to finalise these arrangements. Optus will contact customers that are affected."

    Given the lack of communication, clarity, admitting their is a problem or even talking with their customers, this makes the entire process and procedure total bollux.
    (As someone impacted, I'm actually on the phone to Optus as I type this)

    • rmk on 30/09/2022 - 17:58

      Frustrating for everyone - I’m not a current customer but I know my passport was affected as that’s my Primary ID but I don’t think I was in the 10,000 released but can’t be sure.

  • GameBunny on 30/09/2022 - 17:57

    Hmm Optus said they did not have any passport details associated with my account. I am therefore safe I guess.

    • rmk on 30/09/2022 - 17:59

      They would only have it if you used it as your ID when signing up.

  • Daddy Chill on 30/09/2022 - 18:19

    Optarse just got bent over and fisted

  • nikey2k27 on 30/09/2022 - 19:15

    Can I ask dose hacker just have number or photo/scan of passport. needing Travel in next few week

    • hippo2s on 30/09/2022 - 20:06
      +1

      pretty sure it was just the numbers in the api strings, so no photos/scans. 9 million photos would have taken a loooooooong time to download

    • rmk on 30/09/2022 - 20:13
      -1

      No the email states that copies of photo ids were affected.

      • rmk on 30/09/2022 - 21:46
        +1

        no copies

  • FlatulentFrank on 30/09/2022 - 21:32
    +1

    Sometimes it's hard to remember it's a bargain website. Fair bit of debating on nonsense opinions folks will never change. @OP great deal and helpful for me and probably many others.

  • syousef on 01/10/2022 - 00:45

    Doubt I can even get access to my old Optus accounts anymore. I don't have the Bigpond email I used to log in, and their 2 factor code is wanting to go to a long since deactivated sim.

  • jedimaster on 01/10/2022 - 04:13

    Anyone managed to get their passport priority fee refunded due to delay in issuance?

  • TEER3X on 01/10/2022 - 04:40

    Getting new document numbers is a band aid fix. The whole system needs to be overhauled.

    This will happen again.

  • G-rig on 01/10/2022 - 08:08

    Was an optus customer until Feb 21.
    I assume they contact you if your passport or Medicare details were affected, similar to driver's licence? Don't think they'd have my passport number.

    • Rain Cloud on 01/10/2022 - 08:16

      I dont know what your email says but mine just said ID numbers (and said drivers licence, passport, etc, without specifying what was leaked) I changed my licence and medicare but not passport as i am fairly sure i havent used it as ID since it was renewed. I wouldnt rely on them contacting you personally about this. Theres a few million people affected.

      • G-rig on 01/10/2022 - 08:54

        I got this email, so was planning on getting a new d/l, should do Medicare too then. Doubt I would have provided the passport number. I can still log into Optus site, couldnt see anywhere where it says what info affected.

        The information which has been exposed is your name, date of birth, email, phone number, address associated with your former account, and the numbers of the ID documents you provided such as drivers licence number or passport number. No copies of photo IDs have been affected

        Cheers

        • Rain Cloud on 01/10/2022 - 08:58

          I got the same email. Changing drivers licence number was a bit of a pain but i guess better safe than sorry as I 100% gave it to Optus. Medicare was easy to change online, they only change the last digit but better than keeping it the same i guess.

          • G-rig on 01/10/2022 - 09:00
            +1

            @Rain Cloud: Yeah will wait till the queues die down a bit - agree worth doing.
            Thanks for a tip, will do medicare online!
            Already got equifax from another company i worked for lol, so should be ok in the interim.
            Cheers,

          • G-rig on 01/10/2022 - 09:16

            @Rain Cloud: ps, Medicare online - assume you mean in MyGov and you just go to 'Order a replacement card', and say it's lost?

            • Rain Cloud on 01/10/2022 - 09:21

              @G-rig: I clicked stolen..cause thats kind of what it is lol

              And yes i think thats how to do it on mygov. I did it on the medicare app but should look similar

              • G-rig on 01/10/2022 - 09:41
                +1

                @Rain Cloud: oh right, that's probably a more accurate description but would yield the same result.
                Just did on the MyGov website (as you said it just increases the last number by one).
                Cheers,

  • Dick10 on 01/10/2022 - 08:24
    +3

    When will Optus advise affected customers that their drivers licence, passport etc has been compromised? Optus advice is vague and useless. Do I assume that if I have not been contacted as yet, I'm ok? Their app chat is non specific for a particular account and is simply a broad catch all .

    • G-rig on 01/10/2022 - 08:55
      +1

      Agree, it's not very specific - did you get the email similar to abovementioned?

      A relative got a different email saying their info wasn't compromised.

    • Lurk Hartog on 01/10/2022 - 10:27

      Put a credit ban on your name until you hear from them. That's what I'm doing.

  • hamwhisperer on 01/10/2022 - 12:47
    -1

    Does anyone know if we'll get a fresh longer expiry date?

    • rmk on 01/10/2022 - 13:03
      +1

      I doubt it, it’ll be a replacement if it still has more than 2 years left. You might be lucky with one that has less than 2 years left though.

  • newby2010 on 01/10/2022 - 13:38
    -4

    Jesus, came here to find out what the story is - all I see are racial issues. Since when has Oz Bargain became a political forum.
    Getting out of here….

  • Dick10 on 02/10/2022 - 10:07

    I am still confused after receiving email 26/9 that personal info ( non specific) had been hacked. App response and other blogs says customers will be contacted in the future. Are Optus advising affected customers on a case by case basis specifying what has been revealed ( drivers licence, passport, Medicare, dob, email, address whatever) . I assume that the email 26/9 was generic to their 9.8 million current and previous customers. I can't remember what I used decades ago to provide 100 point check and don't want to change drivers licence or passport unnecessarily.

    • drhip on 02/10/2022 - 10:19
      +1

      Same. Optus is useless. We're waiting for them to confirm which info/data was leaked so that we can make a move. Live chat is hopeless as well

    • Rain Cloud on 02/10/2022 - 14:40
      +1

      I only received one email, on the 25th, saying my name, DOB, email, ID were exposed. Didnt specify what ID but my passport had been renewed since i gave them ID so i didnt bother with that. If you used your passport 'decades ago' then it would have expired/renewed since then and the number would have changed.

  • Dick10 on 02/10/2022 - 10:43

    Good luck to the hackers getting financial benefits from stolen IDs. I Tried to increase credit limit from minimum card limit with Bank west after being a customer for more than 10 years. Can't do it on the internet.
    Only 2 branches in Brisbane, one in the CBD and one in the sticks.
    After waiting the obligatory 30 minutes to talk with a Perth employee was advised it would take 30 minutes on the phone plus supplementary financial docs. As a self funded retired with a spotless payment history, I told them it was ridiculous and why not just use history. They advised banking royal commission didn't allow them.I did not proceed and simply manage the limit by cash flow strategy.
    Surely there are enough checks and balances in the system to stop broadscale financial scams by the Optus scammers.

    • twocsies on 02/10/2022 - 16:39

      The problem is that the hackers know the system better than the customers. They will know exactly what they can do to get financial benefit.

      • G-rig on 02/10/2022 - 20:25
        -2

        No one has actually been hacked yet I would have thought? Is there a single case of anyone losing their house yet

      • G-rig on 03/10/2022 - 21:53

        Just go into Optus and ask if you're worried..
        Quick to update your Medicare online, get a new licence at TMR (just have to wait till the queues die down a bit). I don't think many people would have used a passport for ID if they have a driver's licence.

  • coolsteps on 02/10/2022 - 12:21

    REF . "The APO is working with Optus to finalise these arrangements. Optus will contact customers that are affected." so has anyone been contacted about their passport replacement costs being covered yet and what the process will be?

    • rmk on 02/10/2022 - 13:07

      Not yet.

    • Rain Cloud on 02/10/2022 - 14:36

      If they only cover the costs of those they initiate contact with..god knows how long you'd wait til you found out yours was definitely (according to optus) affected lol

    • twocsies on 02/10/2022 - 16:40

      Because no Optus customers have been advised that their passport replacement will be covered, doesn't that imply that this whole post about free passport replacement is targeted and mostly wishful thinking?

      • rmk on 02/10/2022 - 18:30

        I’m guessing they are doing it bit by bit - Medicare and Drivers licences first.

      • G-rig on 02/10/2022 - 20:26
        -2

        Ozbargain is the new whinge pool

    • Iluvfreebies-freeDel on 03/10/2022 - 07:51
      +1

      If optus is going to contact customers who are affected then they will make sure they would save on cost by not contacting all customers,
      This should be handled by Govt agency and not by optus.

      • rmk on 03/10/2022 - 10:04

        This would mean Optus would need to release all the details to the government and I don’t think they are willing to do that.

  • rmk on 03/10/2022 - 18:06

    150,000 passports affected and apparently everyone has been contacted. I’m not convinced.

    • G-rig on 04/10/2022 - 08:16

      why don't you ask them yourself if they have your passport info? Pretty quick on the chat.

      • rmk on 04/10/2022 - 08:20

        Not a current customer so chat isn’t an option. Facebook chat wasn’t very helpful. Got the standard “if you’re affected you’ll be contacted”.

        • G-rig on 04/10/2022 - 08:31

          Ah ok, yes I haven't been with them for ages but could still log in.
          guess have to wait to see if affected, or could just replace d/l if worried.

          I just placed a credit check ban anyway, until I hear if my d/l is affected:
          https://www.equifax.com.au/eform/submit/credit-ban

  • rmk on 05/10/2022 - 10:33

    Has anyone been contacted yet in relation to a passport?

    • G-rig on 05/10/2022 - 11:04

      Do you reckon you have them your passport details?
      I'd just ask them.

      • rmk on 05/10/2022 - 11:12

        I know my passport was used for my ID as I don’t drive.

        • G-rig on 05/10/2022 - 11:50

          wait till they contact to say if affected i guess

  • oblueknighto on 05/10/2022 - 11:05

    Not really a deal since basically nobody has been "affected" according to Optus.

    • rmk on 05/10/2022 - 11:11

      They’ve stated 150,000 passports but I’ve not heard of anyone being contacted as yet. They were still notifying DL people yesterday.

    • altomic on 05/10/2022 - 16:30

      according to Phillip Morris nobody has been "affected" by smoking cigarettes …..

  • Initial D on 05/10/2022 - 15:54

    Is there an official procedure provided by Our Profiles To Underground Sellers that is gonna cover all the cost of changing overseas passports?

  • altomic on 05/10/2022 - 16:29

    had to replace my daughters passport. paid for express. got it in 10 days,.

    • G-rig on 05/10/2022 - 16:52

      I remember when 'express' used to be within 3 days and ~$130

    • rmk on 05/10/2022 - 17:56

      So you heard from Optus or you paid for it yourself?

  • rmk on 05/10/2022 - 21:04

    Was able to contact Optus even though I’m not a current customer and got the same info as most. Confirmed what I already knew that my passport was involved and then they said I’d be contacted in the next week and that they are “working closely” with authorities! Avoided my questions about would I get refunded if I went and got a new passport before officially being informed.

  • ozizoy on 06/10/2022 - 14:12

    what to do….. I am still waiting for their response.

    • rmk on 06/10/2022 - 14:19

      Have you had any correspondence at all from them? I’ve only had the initial email - I went on the app yesterday to chat with them.

  • rmk on 07/10/2022 - 14:27

    So I’ve just been into Optus chat again about my passport and they are still giving the stock standard response of “you need to wait to be contacted”. Frustrating.

    Has anyone here got a new drivers licence number, paid for it and then been able to be reimbursed from Optus if you did it before being officially told by Optus?

    • Rain Cloud on 07/10/2022 - 18:14

      I got a follow up email last weekend saying upon further investigation, my drivers licence was exposed. But im from Qld and got a new drivers licence number for free before that confirmation. I got an email the week before that saying my details, including licence numbers were exposed but the next email specified DL

      Edit not sure if you were asking about passport or DL as this is a passport page but you asked about DL

  • rmk on 10/10/2022 - 13:58
    +1

    Optus advised via chat that Medicare and Passport people are still to be contacted. They could only tell me people would be contacted soon. They also told me that If you seek out new ID and pay for it before officially being told you’re not entitled to a refund.

    They also told me they keep chat information for 13 months.

  • linkii on 14/10/2022 - 14:53
    +1

    Wtf is this. They are not replacing:

    During analysis as part of our ongoing investigation, we’ve discovered the number on your Australian Passport was exposed. Please note, a copy of your passport including your image was not exposed.

    The Australian Government is working with Optus to safeguard customers from identity crime, including providing advice on actions you can take.

    As a result of the government’s rapid response, you don’t need to replace your passport.

    If your passport is still current, the Department of Foreign Affairs and Trade has advised it’s safe to use your passport for international travel. The Australian Passport Office has robust controls to protect your identity, including facial recognition.

    To prevent the misuse of your identity, we have asked the Department of Home Affairs to block the use of your passport through the Document Verification Service (DVS). This means it can’t be used to verify your identity online via the DVS. You can still use your passport to verify your identity in-person for up to three years past its expiry.

    • Rain Cloud on 14/10/2022 - 19:50
      +2

      Why the f are they not replacing it and just blocking its use to verify ID online (therefore inconveniencing people) ??? I mean they could have did the same thing with drivers licences but didnt, so why replace those but not passports? Especially if confirmed leaked??

      • rmk on 14/10/2022 - 20:04
        +1

        I’m guessing $$. They have told me my passport had expired but I used my passport in 2017 as ID, it was valid then and still is now. Now they claim they must have had my old passport details on file still. I was with them, left them, went back and are not with them now. This is over quite a few years. I said well that passport would have been more than 10 years old so why did you still have it on file!

        I now have to go into an Optus store tomorrow to find out what passport number they had. Due to security reasons they couldn’t tell me on chat. I don’t believe them, if they’d not dragged their feet and spun lots of crap I might have had more faith.

        I don’t have any other form of ID that can be used digitally.

        • Rain Cloud on 14/10/2022 - 21:36
          +1

          Good luck mate. Ironically you may be asked to confirm your ID with said passport instore lol

  • [Deactivated] on 15/10/2022 - 08:26
    +3

    Optus is shit, sent me the same email that my passport detail has been compromised and its only my passport number but they also stated that there is no need to change the passport.

    The bluddy optus already made a billions of dollars with our payment and now it's their turn to pay us and they are saying that there is no need to replace.

  • barseeker on 31/10/2022 - 07:49

    So noone has received a free passport yet?

  • jwl81124 on 03/11/2022 - 22:10

    anyone got updated by Optus after 14/10/2022?

  • aibargain on 12/11/2022 - 09:46

    Anyone received payment for passport replacement as promised by Optus?

    • rmk on 13/11/2022 - 09:42

      I should get a cheque in the next two weeks. Will advise if I receive it. I had to go to the TIO though as Optus had my passport as expired in their system.

  • sicaboy on 20/11/2022 - 19:01

    Is there any news from this topic? I got an email from Optus saying: "As a result of the government’s rapid response, you don’t need to replace your passport.". It looks like they won't do anything.

    • rmk on 20/11/2022 - 19:29

      Still waiting on my cheque. If your passport is still valid and it’s your only source of ID I would fight for it.

      • sicaboy on 20/11/2022 - 19:43

        Not the only source but to make it 100 points you have to supply multiple IDs. Somehow my Medicare info is unable to use from DVS as well.

  • barseeker on 01/01/2023 - 10:55

    They only recently posted me a letter saying my details were leaked but not any document id numbers. I dont trust them i used my passport to sign up for optus and its about to expired. It would be great to get a free replacement. Has anyone been sucessful yet?

  • Dyl on 07/02/2023 - 08:02
    +1

    Doesn't extend expiry date, damn

  • MagnusPaciscorHons on 20/04/2023 - 13:27

    Also to above "do not trust them" there is  
     
            interfering with privacy of Australians where seems failing to comply with following Australian Privacy Principles (APPs) in Schedule 1 of Privacy Act 1988 (Cth) (the Privacy Act):
                APP 11.1: requirement to take reasonable steps to protect personal information against unauthorised access
                APP 11.2: requirement to take reasonable steps to delete or de-identify personal information that is no longer needed for (any purpose) a permitted purpose.
            to comply with the requirement in APP 1.2 in Schedule 1 of the Privacy Act, to take reasonable steps to implement practices, procedures and systems relating to the entity’s functions or activities, to ensure compliance with the APPs.

    And so on in  SCHEDULE 1 Australian Privacy Principles
    http://www5.austlii.edu.au/au/legis/cth/consol_act/pa1988108…

    The paying for replacement passports is a step to respect privacy and hope there is some light in this darkness. 

Login or Join to leave a comment
Login Join