27 September 2022

ACT Government still dragging its feet on licence number changes post-Optus hack

| Lottie Twyford
Join the conversation
34
optus

Canberrans have flooded Access Canberra Service Centres with inquiries about changing licence numbers. Photo: File.

The ACT Government has yet to decide whether Canberrans impacted by the major Optus hack which occurred last Friday (23 September) will be able to change their drivers licence number.

Almost 10 million current and former customers had their personal data, including licence numbers, addresses, names, phone numbers, email addresses and more stolen in a massive breach.

It’s unclear how many Canberrans have been impacted by the issue at this stage, but Access Canberra has been inundated with requests to change licence numbers.

READ ALSO Emergency crews challenge the clock to sharpen their search and rescue skills

One man, who wished to remain unnamed, said he received an email from Optus advising he had been impacted by the event and confirming his licence details had been accessed.

“I’m not overly concerned as the expiry date of the licence has changed, and to my knowledge, a scan of the licence with my photo was not stored,” he said.

Others did not share this level of optimism.

Licence numbers are designed to remain with a driver throughout their life, but the Opposition has called on the government to move quickly to encourage victims of the Optus hack to replace their licence number.

Ed Cocks

Opposition spokesperson for Regulatory Services Ed Cocks said the Territory government should follow the lead of NSW and encourage affected customers to get a replacement licence. Photo: Lottie Twyford.

Opposition spokesperson for Regulatory Services Ed Cocks said this is a time for speed and responsiveness.

“Without quick action from the government, Canberrans are vulnerable to identity theft,” Mr Cocks said.

“Inaction will only make already distressed victims even more [so].”

READ ALSO Supercell thunderstorm inquiry says it’s time for a rethink on eucalypts in suburbia

Yesterday, Region questioned Access Canberra about what was happening. The only response at that time was that it was working through the “evolving situation” with other states and territories and Optus.

A day later, and five days after Optus first confirmed the breach, the ACT Government still doesn’t have an answer as to whether it will move to allow customers to replace their licences.

AAP is reporting a Labor caucus meeting today was told the option to allow Australians to change their licence numbers was being considered with the privacy commissioner.

In contrast, the NSW Government has set up a helpline for those impacted by the breach and is actively advising customers to apply for a replacement licence.

“Behind the scenes, the NSW Department of Customer Service, Transport for NSW, Cyber Security NSW, ID Support and NSW Registry of Births Death and Marriages are working with Optus to make the process of re-issuing of NSW identity documents as seamless as possible,” Minister for Customer Service and Digital Government Victor Dominello said in a statement.

Shane Rattenbury

Attorney-General Shane Rattenbury acknowledged there was a lot of uncertainty in the community about what the data breach meant. Photo: Michelle Kroll.

This morning, Attorney-General Shane Rattenbury, who does not have ministerial responsibility for regulation, was questioned about the breach on ABC Radio.

Mr Rattenbury said he and his colleagues would be having discussions about the implications of the breach for the Territory, including the need for changing licence numbers.

Ministers’ phone accounts are held with Optus, Mr Rattenbury confirmed, but he did not have details about what information had been held.

He said there would likely be future cybersecurity lessons for the local government from the event, but it predominantly sat with the federal authorities and Optus for the time being.

“As the ACT Government, one of the key planks of our security is … cyber [because] we have a lot of people’s information for the various interactions they have with the government,” he said.

READ ALSO Should gambling ads be banned from sport on TV?

This morning, a person claiming to be the hacker said on an online forum they would begin releasing data every day – and had done so already – unless Optus paid a ransom.

They later appeared to walk back that threat and apologised, saying the records published this morning had been deleted.

It’s unclear whether that was legitimate.

The breach is under investigation by the Australian Federal Police in conjunction with overseas law enforcement as part of Operation Hurricane.

If you are concerned that your information may have been included in the recent Optus data breach, check the Optus website for information and contact Optus via the My Optus App or call 133 937.

Support is also available via IDCARE, Australia’s national identity and cyber support service. Contact IDCARE for free help on 1800 595 160 or visit idcare.org. They also have a fact sheet available here.

The ACT Government, Access Canberra and the office of Minister for Better Regulation Tara Cheyne have been contacted for comment.

Join the conversation

34
All Comments
  • All Comments
  • Website Comments
LatestOldest
Peter Herman12:48 pm 02 Jun 23

What’s the hack got to do with electronic licenses
In other words ACT govt have done nothing and are still dragging their feet
It’s still annoying that ACT Govt are dragging their feet
It seems that ACT govt are not interested in electronic licenses

Fix this as many NSW drivers and other drivers are electronic
We here are supposed to be the capital of Australia, but it seems that we are going backwards with important things

Time to fix it ACT Govt

Peter Herman9:46 am 02 Jun 23

Why is it that we in ACT are still dragging the chain re electronic licensing
Every other state and territory hsve this BUT good old ACT is ‘dragging the chain’
As usual priorities in the wrong place
I have a mate of mine from NaW who asked me this morning (June 2)as to why we are dragging the chain
Come on ACT govt…time to catch up with the rest of the country

It’s really disappointing that the ACT Government which considers itself so progressive could not have responded as quickly and proactively as other state jurisdictions. Face palm!

The longer the ACT delays the more inept it looks. Surely it can quickly direct Access Canberra to allow all ACT residents whose details were compromised by the Optus hack to change their licence number. To refuse that means it doesn’t care about stopping identity fraud.

Unsurprisingly the government announces today they will essentially do nothing in helping change numbers for those affected. And if you do want to change anyway you will have to pay of course. No arrangement for Optus to pay as Victoria/NSW. When is the election again?

Whitepointer8:59 am 28 Sep 22

The non action by this Labor Greens Government on this issue is disgraceful.

If it were digital, things would be easy though!

NSW Queensland SA and WA have all today announced plans to permit replacement of the affected licenses. Nothing from Andrew, Shane and Co. I hope the hackers are also having a rest tonight and not creating false Canberra identities.

HiddenDragon7:02 pm 27 Sep 22

The Optus catastrophe should trigger a broader debate (and a vigorous one at that) about the rampant growth in demands for production of and storage of photographic proof of ID in this country.

It is one thing to require such ID to be provided to entities whose services could be utilised for the purposes of committing serious crimes, but it is another thing to allow such demands to be made by businesses engaged in much less risky activities – e.g. clubs which apparently think that chaos and mayhem will ensue unless they capture photo ID from every punter who wants to partake of a lasagne and salad.

If it is within the power of state/territory governments to do so, the ACT government could take a lead by legislating to provide that unless required by federal or Territory law, driver licence data can only be requested and stored by an ACT entity with the express permission of the ACT government – with storage subject to strict conditions.

Related to your comment, HiddenDragon, I wonder why primary ID documents need to be held by any commercial entity at all?

My understanding of some discussion just a few years ago was that the Federal government was setting up a system in which an applicant to a commercial organisation could pass documentation securely to a Federal portal which returned to the commercial entity an authoritative validating credential. Thus, you are identified securely without the commercial entity needing even to see let alone store your primary ID.

Perhaps an APS reader can enlighten me on this, whether it is so and whether it is operational?

Given a driving licence has similar status to a passport, why do not or could not the States avail themselves of the same system for validating licences? Why have State-issued rather than Federal driving licences at all, now that we have uniform road rules? The current State testing, authorisaton and rescission structures for licences would remain, just accessing a Federal database.

Joelsomething6:07 pm 27 Sep 22

Access Canberra have been exposed to this for years, they simply don’t care. My identity was stolen as my renewal notice was stolen from my letter box, the notice contains the date of expiry and the number. 2 credit card applications in my name later, and the response from Access Canberra, too bad no legislative basis in which the identifier can be changed.

Doesn’t make any sense, the legislation gives them the authority to manage a register, definitely doesn’t go into detail about specifics – such as whether licence numbers can be changed!

Daily Digest

Want the best Canberra news delivered daily? Every day we package the most popular Riotact stories and send them straight to your inbox. Sign-up now for trusted local news that will never be behind a paywall.

By submitting your email address you are agreeing to Region Group's terms and conditions and privacy policy.