Optus chief executive Kelly Bayer Rosmarin has revealed more than 2 million customers had their personal identification documents compromised by hackers, with the updated figures provided in a video posted online.
In the video message, Ms Bayer Rosmarin said while "the numbers have come down" the company was still "deeply, deeply sorry" for the leak of information.
In the video posted to the Optus website, Ms Bayer Rosmarin revealed approximately 1.2 million customers have had at least one number from a current and valid form of identification, and personal information, compromised.
In addition, approximately 900,000 customers have had numbers relating to expired IDs compromised, as well as personal information.
"While the numbers have come down, we are disappointed even one customer's information could be accessed," Ms Bayer Rosmarin said.
"We are deeply, deeply sorry that this could occur, especially because we genuinely care about safeguarding out customers information and we invest millions of dollars and we have teams of people whose job it is to prevent something like this happening."
The company has urged other customers to "remain vigilant". While about 7.7 million customers did not have ID documents compromised, the attack still exposed information such as email addresses, dates of birth and phone numbers.
Independent review to be launched into Optus security
Optus has also hired consulting company Deloitte to run an independent external review of the recent data breach that put the personal details of nearly 20 per cent of their customers at risk.
In a statement, Optus said the review would include scrutiny of Optus's security systems, controls and processes.
"The review was recommended by Optus Chief Executive Officer, Kelly Bayer Rosmarin, and was supported unanimously by the Singtel Board, which has been closely monitoring the situation with management since the incident came to light," the statement said.
The Optus CEO said launching the external review was part of the path to rebuilding trust with customers.
"While our overwhelming focus remains on protecting our customers and minimising the harm that might come from the theft of their information, we are determined to find out what went wrong," she said.
"This review will help ensure we understand how it occurred and how we can prevent it from occurring again.
"It will help inform the response to the incident for Optus.
"This may also help others in the private and public sector where sensitive data is held and risk of cyberattack exists."
The federal government has flagged its intention to urgently review privacy laws in the wake of the leak.
Some ministers have also been critical of Optus, including Government Services Minister Bill Shorten, who called on the company to "step up" its handling of the data breach, saying it was taking too long to provide information about customers whose Medicare or Centrelink details were exposed.