The federal government is considering issuing new Medicare cards for the millions of Australians who had their private details leaked as part of the Optus data breach.
Health Minister Mark Butler told the ABC today the government was only alerted Medicare numbers were part of the massive leak when the apparent culprit, who later stopped his extortion bid, posted 10,000 new personal records online yesterday.
"We are very concerned about the loss of the data and are working hard to deal with the consequences, but we are particularly concerned we were not notified earlier and consumers were not notified earlier about the breach of Medicare data as well," he said.
READ MORE: Two blasts detected before sinister disturbance on Baltic Sea
The government is still working to find out how many Medicare numbers were exposed but Butler said the issuing of new ones was being considered.
"We will have more to say about that … but we are looking at it very closely."
Butler said the government was also considering fast-tracking passport replacements.
'I don't trust criminals'
Meanwhile, a cyber-security expert has warned that a pledge from the apparent hacker all stolen data had been destroyed should not be trusted.
In a bizarre sequence of events yesterday, an anonymous online poster claimed to be responsible for the data breach that saw the information of almost 10 million Australians compromised.
The poster said they had released the personal data of the first 10,200 people, and would continue doing so until their ransom demand was met.
READ MORE: What do I do if my details have been hacked in the Optus data leak?
However, just hours later, the same poster apologised online and said no data would be sold.
They also claimed to have destroyed the only copies of the stolen personal information, which included drivers licence, passport, and Medicare numbers.
But Alastair MacGibbon from CyberCX said he was skeptical of the sincerity.
"I don't believe it. I don't trust criminals," he told Today.
"That means this data is still out there. Can't put it back in that bottle."
READ MORE: Aussies urged to get to the servo for final day of fuel excise cut
The identity of the hacker or hackers has not been confirmed, but MacGibbon said the consensus inside the cyber-security community was that it was not a "sophisticated" attack that led to the Optus breach.
He said this put the onus on Optus.
"The size of this data breach, up to 10 million Australians affected, is unprecedented here in this country," he said.
"So, of course, more could have been done."
READ MORE: Kremlin paves way to annex large parts of Ukraine
But he warned that improving cyber-security could be a complex issue.
"It isn't just about privacy laws. It's also about how you configure your technology," he said.
"A lot of what we do is about risk management. It isn't binary, secure or insecure."
He said people could not expect data protection to be bullet-proof.
READ MORE: Optus hack victims warned about new scam as fraudsters try to 'cash in'
"If it was negligent, then Optus will pay the price," MacGibbon said.
"But even the best defences can be overwhelmed from time-to-time, particularly by nation states and sometimes by sophisticated criminals.
"The unfortunate thing this week, is that by all accounts, this was not a sophisticated breach."