Former Virgin Mobile and Gomo customers are the latest to have been informed by Optus that their personal information was exposed in the company’s massive data breach, as an identification repair service reveals it has fielded a month’s worth of complaint calls in three days.
It has been a week since Optus first revealed up to 10 million of its customers had personal information – including names, addresses, emails and dates of birth – exposed, with 2.8 million having passport, licence or Medicare numbers also made visible.
While the breach was initially considered limited to customers who deal with Optus directly, Guardian Australia has seen emails sent from Optus to former customers of Gomo and Virgin Mobile outlining that their data was included in the breach.
Both companies are wholly owned subsidiaries of Optus, with the company shuttering the Virgin brand in 2018, but it was not apparent until now whether these customers would have been caught up in the breach.
Guardian Australia has asked Optus whether customers of its other brands, are also affected. Optus also resells its mobile services to external companies such as Dodo, Circles.Life and iiNet.
Amaysim, one of those brands, said on Thursday its customers were not caught up in the data breach.
Optus customers continue to raise concerns the company is not providing substantial information, beyond the initial letter informing them of the breach. Some state transport authorities have indicated customers will need to get compensated from Optus directly for licence replacements, but the company hasn’t communicated how that will occur.
Optus is also facing pressure from the federal government to pay for passport replacements, but has not yet said what it intends to do.
IDCare – an organisation that helps people who are dealing with identity theft – has received 11,500 calls from Optus customers in the past three days, which is the amount of calls the organisation would normally receive in a month.
The financial services minister, Stephen Jones, met with consumer groups, banks, and key regulators including the Australian Competition and Consumer Commission (ACCC) on Thursday morning to discuss the impacts of the breach.
Jones said customers would feel the effects of the breach for some time, and “there will be a long tail of impact of this data breach”.
“We know that fraudsters [and] scammers are already on to it, whether they’ve got the Optus data or not, they’re attempting to impersonate Optus, they’re attempting to … impersonate licence providers, they’re attempting to impersonate government and government agencies.”
He said it was Optus’s “stuff-up”, that it was up for Optus to compensate customers, not the government, and that every company in the country should be on heightened alert.
Optus has been contacted for comment.