Queensland has responded to Optus’ data woes with the early roll-out of two-factor authentication for driver’s licences.
The data breach in September saw around 50,000 Medicare numbers exposed and 2.1 million identity documents stolen such as driver’s licence and passport details in what is now Australia’s biggest corporate data spill.
Services Australia is working with Optus to take proactive security measures for the customers whose identifying government information was stolen during the breach event. The measures were developed in consultation with the Office of the Australian Information Commissioner (OAIC).
On Thursday, the Queensland government announced it would bring forward a planned system for two-factor authentication for driver’s licences in 12 months.
Transport and main roads minister Mark Bailey said expediting the delivery of the new document verification service was deliberately expedited because of the Optus breach.
“I’m pleased we could fast track the implementation of this system to better protect Queensland identities from fraud,” Bailey said in a statement.
The change will mean for people wanting to use their diverse licence identification to set up accounts with banks, telcos and utility providers, will now need to show two numbers. This includes what is known as a customer reference number (or driver’s licence number) and a unique card number.
From now on, every time a person’s Queensland licence is renewed their card numbers will also be updated.
“Your driver’s licence should only be used by you, and this new system goes a long way to ensuring that,” Bailey said.
The state government said of those Queenslanders who have been impacted by the Optus data breach, the majority had their licence number compromised. More than 170,000 in the state have applied to have their diver’s licence renewed since 28 September.
Bailey said people whose information had been stolen could apply to have their licence number changed however the extra security measure offered by the document verification service meant this was not necessary.
“Now, you will need to provide the unique card number found on your driver’s licence as a second step in the verification process.
“This is similar to the CVV found on the back of your credit and debit card, and makes it an even more secure identity document,” the minister explained.
The Queensland government is urging citizens to remain vigilant to possible suspicious cyber activity.
“I also implore Queenslanders impacted to access the free credit monitoring service provided by Optus,” Bailey added.
:
Dominello slams driver’s licence data harvesting, opens door to Optus paying for replacements