Australians caught out in the massive Optus data breach may be able to change their driver's licence numbers.
At a Labor caucus meeting on Tuesday, Attorney-General Mark Dreyfus was asked about the trove of information stolen, and said the option was being considered with the privacy commissioner.
He said the commissioner wasn't notified by Optus of the breach involving almost 10 million customers, until late Friday, the day after it was first reported.
"Optus has a responsibility for the privacy of both current and former customers," Mr Dreyfus said.
He said it was important to relay advice from the privacy commissioner to the public, and warned people should not click links that are sent to them.
An ongoing privacy review will be completed this year.
In a statement, Home Affairs Minister Clare O'Neil said she was "incredibly concerned" about reports that Medicare numbers were now being offered for free and for ransom.
"Medicare numbers were never advised to form part of compromised information from the breach," she said.
"Consumers have a right to know exactly what individual personal information has been compromised in Optus' communications to them."
The sensitive details of 10,000 Australian customers have been released by the group behind the massive Optus data breach.
The illegally obtained information includes passport, Medicare and driver's licence numbers, dates of birth, home addresses and information about whether a person is renting or living with parents.
A check of 12 random email addresses against records held by Have I Been Pwned found nine had not previously been exposed in breaches.
The information was exposed on a data breach site on the clear web after the group behind the theft said Optus had not met its extortion demand.
It claimed it would release 10,000 records each day until Friday if Optus doesn't pay $1.5 million.
Government Services Minister Bill Shorten said Optus hadn't done enough to protect customers and its response "needs to be much more diligent."
"It's time for ... a big overhaul of how our data is kept by big corporations," he told the Nine Network's Today.
Optus says it was the victim of a sophisticated attack - a characterisation dismissed by Ms O'Neil.
A federal police investigation has been launched into the data breach, which has affected 9.8 million Australians.
Opposition cyber security spokesman James Paterson told Sky News the government bore some responsibility and criticised its response to the hack as "slow".
Ms O'Neil launched a scathing attack on Optus in parliament on Monday.
She said responsibility laid squarely at the feet of the telco giant and that the government was looking at ways to mitigate the fallout.
The minister called on Optus to provide free credit monitoring to former and present customers whose data had been stolen.
Optus says it will offer "the most affected" customers the chance to take up a one-year subscription to credit monitoring service Equifax Protect at no cost.