After the text was leaked, it became a big problem.
Optus has told current and former customers if their driver's license and credit card numbers were exposed in the cyberattack, but the company has been criticized again.
Optus told current and former customers if their driver's license and credit card numbers were exposed in the cyberattack. However, the company has been criticized again after some people pointed out an obvious problem with the message.
More than a week after finding out that the personal information of 9.8 million people may have been stolen in a huge data breach, the telco is still getting criticism from the government and the public for its poor communication and lack of clarity.
On Sunday, many customers got a text message from Optus that said, "Cyberattack update: Your driver's license number was exposed, but not your card number." On their website, your state or territory government will tell you what steps you may need to take.
Some customers in Victoria, who got the message, quickly pointed out that Victorian driver licenses don't have a separate card number, so losing the license number was just as bad.
Some customers got a message that was more worrying.
"After doing more research as part of our ongoing investigation, we found that the license number and card number on some customers' driver licenses were exposed," it said.
"Please keep in mind that only the numbers were shown and not a copy of your photo ID. We're very sorry to have to tell you that you're part of this group.
Optus told those customers that they should apply for a new license to "help lower the risk of identity theft or financial loss."
Optus said in a statement on its cyberattack portal on Sunday that it had emailed or texted "customers in NSW, ACT, SA, NT, WA, and Tas for whom we have a driver license on file to confirm that their driver license number and card number were exposed in the cyberattack."
Optus said, "We have also contacted customers to let them know if their Medicare card number was made public."
"We are still working with the governments of Victoria and Queensland to help people who have driver's licenses from those states, and we will give advice as soon as we can. If we didn't have good contact information for any customers who were affected, we will write to them as soon as possible at the last address we have on file. We keep trying to get in touch with customers whose other information has been leaked."
Optus said that "the cyberattack did not compromise any direct debit or credit card details."
"Also, all of a customer's My Account login information, such as their username and password, remains safe," it said.
"Customers are asked to be careful and carefully read all written communications. In the emails we send to our customers about the cyberattack, we won't send links or ask for information like passwords. Scammers often use email addresses that look like they belong to real people. If a customer isn't sure, they should click on the name and check the sender address.
It happened at the same time that the federal government sent out an unusual spray accusing the telco of not working with them after the breach because they haven't given them the full list of customers who were affected.
Bill Shorten, the Minister of Government Services, made the new request on Sunday morning. He said that Services Australia wrote to Optus on September 27 and asked for the full list of all affected customers whose Medicare and Centrelink numbers were exposed.
Services Australia said that Optus had not given any information about customers who would be affected by this request.
In the data breach, more than 37,000 Medicare numbers were put out in the open.
The Australian Federal Police is looking into the breach in two ways, with help from the FBI.
Mr. Shorten said that Australians caught up in the saga should be able to keep their privacy.
"Services Australia has been working around the clock to protect customers, but we need Optus to help us help Australians," he said.
"This was a mistake that never should have happened. We all carry a Medicare card in our wallets, so it's not surprising that Australians are very worried about what has happened here."
A few days earlier, Optus said it would pay for Australians whose passports were stolen in the cyber attack to get new ones.
Later on Sunday, Home Affairs Minister Clare O'Neil said Australia needs to change its cyber security rules to avoid another leak like Optus' latest nightmare.
She said, "We need to think about what companies have to do when this kind of cybersecurity breach happens."
"We just don't want to go through this again. The private information of 10 million people has been kept by a private company for far too long, and we don't have the right tools to get information in certain ways after the fact. It doesn't cut it. We live in a digital age, so cyber security issues are now a part of our lives. This incident is a big wake-up call for corporate Australia, and it's also a wake-up call for regular Australians.
Ms. O'Neil said that Australians whose information was leaked should be aware that some people may now try to use it for their own gain.
"Australians need to be very careful right now. We shouldn't be in this situation, but Optus put us here, and now Australians need to take steps to protect themselves from financial crime," she said.
On Saturday, Optus apologized for the "devastating" cyberattack in a full-page ad in a newspaper.
"Our top priority is to keep customers from getting hurt," it said. "We're here to help and support you with any personal worries you may have."