This was published 1 year ago
Optus breach: Exposure of passport numbers could create delays for renewals
By Katherine Scott
The Optus data breach could result in further delays for travellers looking to renew passports.Credit: iStock
Australians caught in Optus' data breach will be compensated for passport replacement costs, but they may face lengthy delays, as the Australian Passport Office (APO) struggles with an existing backlog of applications.
Optus is yet to provide the APO with information on the number of passports that may be affected by the breach, made public on September 22, but the telco has indicated the compromise to its 9.7 million Australian subscriber base is "significant".
On Friday, Prime Minister Anthony Albanese said Optus had agreed to pay to replace the passports of customers affected by the recent hack.
"Optus have responded to my request [and] they will cover the costs of replacing affected customers' passports," he said. "I think that's entirely appropriate."
The additional demand could exacerbate long passport wait times caused by software issues impacting the rollout of the new "R Series" passports. The R Series passport replaces the previous P Series issued since 2014, and features upgraded security components designed to prevent counterfeiting and identity theft.
Optus customer Kym Goldsworthy, from Sydney's inner-west, received an email from the telco telling him that his account had been "exposed", but hasn't yet been able to get clarification on the fate of his passport.
"It said the ID documents I provided to them, such as a drivers licence number or passport number, had been 'exposed'. But no specifics about what those ID documents were," Goldsworthy said. "I have heard nothing more from them for a week now; no advice about what steps to take or what they will do to assist."
The Department of Foreign Affairs (DFAT) is encouraging Australians who require a new passport, particularly those with travel plans during the peak summer period, to apply as a priority.
A DFAT spokesperson said the APO hadn't seen an increase in passport applications resulting from the breach to date, but said it is of great concern, and that applicants should be aware of potential delays.
"The APO is facing unprecedented demand for passports. This high demand for passport services is placing pressure on passport systems and has caused passport processing delays," said DFAT.
Prior to the passport production issues, staffing shortages and passport demand saw applicants queue for hours at offices across the country in June, ahead of the busy winter travel period.
The Optus cyberattack has prompted the federal government to announce a reform to laws relating to the collection of personal information.
In an address to parliament earlier this week, Prime Minister Anthony Albanese said: "Clearly, we need better national laws, after a decade of inaction, to manage the immense amount of data collected by companies about Australians – and clear consequences for when they do not manage it well."
In a tweet on Friday, the PM also noted: "Australian companies should do everything they can to protect your data. That's why we're also reviewing the Privacy Act – and we're committed to making privacy law stronger."
Optus are yet to make an official statement around compensation.
Passport fees currently range from $193 for a replacement, to $308 for a brand new passport; an additional fee of $225 applies to those requiring express processing.
Since early June, the passport office has more than doubled its workforce, from 730 to more than 1900, as well as recruiting more staff to process applications and answer calls, and extending working hours to seven days a week to reduce wait times.
DFAT said affected Optus customers' passports are still safe to use for travel, and can't be used by someone else to travel under their identity due to the APO's robust security controls, including facial-recognition technology.
For those concerned about identity fraud as a result of the Optus data breach, DFAT advises phoning 131 232 to replace their passport.
The passport office created a specific page for the Optus breach, using unsubtle language about where responsibility lay.
In response to the question "Why do I have to pay to replace my passport when this wasn't my fault?", the passport office posted the response "We charge fees to cover the cost of a new passport. We weren't responsible for the data breach. You can discuss your situation with Optus". The page has since been replaced with general advice.
HOW TO APPLY FOR A NEW PASSPORT
If your passport details have been compromised in the Optus cyberattack, your passport number may be at risk of identity theft. Here's how to obtain a new passport:
Phone the APO to cancel your existing passport, ph: 131 232
Apply via the APO's passport replacement portal, see online.passports.gov.au
Pick up an application at a participating Australia Post outlet, see auspost.com.au
Apply or book an appointment through an Australian diplomatic or consular mission, see dfat.gov.au
See further information www.passports.gov.au
Sign up for the Traveller newsletter
The latest travel news, tips and inspiration delivered to your inbox. Sign up now.