Australia tells SingTel-owned Optus to pay cost of replacing hacked ID documents

FILE PHOTO: A woman uses her mobile phone as she walks past in front of an Optus shop in Sydney

SYDNEY (Reuters) - Australian telecoms giant Optus must pay the cost of replacing the passports and drivers licences of millions of customers whose personal information was stolen in one of the country's biggest data breaches, the government said on Thursday.

The theft of data attached to 10 million customer accounts, equivalent to 40% of Australia's population, was the result of an error by Optus so it was up to the Singapore Telecommunications-owned company to pay for the consequences, Assistant Treasurer Stephen Jones said.

"Optus is absolutely responsible for paying for the costs and the implications of this for customers, whether it's the replacement of a licence, whether it's the replacement of a passport, or other necessary pieces of ID," Jones told reporters in Sydney. He did not give a dollar figure for the costs.

An Optus representative was not immediately available to respond to Jones's comments. Optus has apologised for the breach and said it would pay for the most affected customers to receive credit monitoring for a year.

The comments underscore the growing tension between Australia's government and its second-largest telco as internet companies, banks and government authorities scramble to minimise the risk of being similarly hacked.

The operator of an anonymous account had in an online chatroom demanded $1 million to refrain from selling the Optus customer data, only to later withdraw the demand and apologise, citing heightened publicity. Optus and law enforcement authorities have not verified the demand, although cybersecurity experts say it was most likely authentic.

The stolen data included passport numbers, drivers licence numbers, government health insurance numbers, phone numbers and home addresses, prompting commentators and lawmakers to demand replacement documents.

Other large internet firms meanwhile said they were running extra cybersecurity checks to reduce the risk of a similar breach.

"In light of the recent Optus breach, we have been working closely with our cybersecurity partners and the relevant government agencies to increase our checks," said a spokesperson for No. 3 internet provider TPG Telecom Ltd, which has about 6 million customers.

A spokesperson for Telstra Corp, Australia's largest internet provider, said in an email: "We will continue to consider what other steps we may need to put in place as we learn more about the Optus incident".

(Reporting by Byron Kaye)