More than 300k identity fraud attempts in wake of Optus breach

More than 300,000 fraudulent attempts to use Australians’ stolen passport, Medicare and driver’s licence data have been curbed by federal authorities in the wake of the 2022 Optus hack.

A federal register was established in response to the breach in which an anonymous hacker exposed the personal data of 10 million Optus customers, including people’s names, birthdates, home addresses, phone and email contacts, and passport and driving licence numbers.

About 2.8 million people whose passport or licence numbers were taken were flagged as being at significant risk of identity theft and fraud following the cyber attack.

Since the government’s register began operating in October 2022, more than 300,000 attempts to use compromised data to commit fraudulent transactions have been blocked as of February 2024.

Attorney-General Mark Dreyfus said the government was working to enable the register to work in near real time to try to protect victims of privacy breaches from further harm.

“This rapid response will also help to prevent black market sales of stolen identity credentials and disrupt other illegal activities that rely on those stolen credentials like scams, money laundering and fraud,” Mr Dreyfus said.

“We’re now working on further reforms to give individuals greater control over their privacy and make entities more accountable for handling information appropriately and keeping it secure.”

The government unveiled a suite of privacy protection measures following the Optus cyber attack, including an increase to the maximum penalties for serious and repeated privacy breaches and proposed new laws to subject telcos to tougher cyber reporting rules.

According to the Australian Signals Directorate, there were nearly 94,000 reports of cybercrime in Australia during 2023, an increase of 23 per cent.