A national identity and cyber support charity say they are enduring the "toughest" period in the organisation's history following the Optus data breach.
Key points:
- IDCARE says it fielded a months' worth of calls in just three days after the Optus data breach
- Its founder says there are signs Australia's response system is starting to crack
- Many customers are only receiving notifications this week they are affected by the breach
IDCARE fielded a months' worth of calls in just three days following the incident, and in the past three weeks has dealt with more than 15,000 interactions with no signs of slowing down.
"It's put enormous pressure on IDCARE, where we operate on the smell of an oily rag, as a charity," founder Dave Lacey said.
"We've had the team work double shifts for weeks now."
The organisation has seen other calls for assistance double in the same period.
"It's a constant balance for us when we're triaging who needs to be prioritised first," Mr Lacey said.
"Just reminding politicians and industry leaders, that in amongst all the people who are impacted by Optus, we're also dealing with people that might have fallen for an investment scam, lost all of their life savings [so] they have nothing to lean on.
Optus 'slow'
Townsville resident Pauline, whose name has been changed for privacy reasons, is among thousands who contacted the organisation for support after getting caught up in the breach.
"I didn't hear anything from Optus for quite a while and then I decided to make a phone call myself to see if my data had been affected," she said.
She discovered that her drivers licence, Medicare and personal details had been released, but was only contacted by Optus this week to inform her of the breach.
"They've been quite slow," Pauline said.
"You want to do something straight away to make sure that cyber criminals don't steal your details and affect your credit rating or do anything bad in your name."
Similar story
It was a similar story for north Queensland woman Ash, whose name has also been changed for privacy.
She made the discovery after her bank account was frozen.
After requesting her licence be replaced on the day of the breach, she was told it could not be done until she received written notification from Optus.
That did not arrive until this week.
"It's made me feel uneasy," Ash said.
"It's not going to take too much for them [cyber criminals] to try and access things like loans."
'Knife edge'
Mr Lacey said governments, financial institutions and regulators had a role to play in helping people respond.
"That response system has always been on a knife edge in terms of its ability to respond in a timely way," he said.
"We're really watching closely whether there's signs that the response system is straining and collapsing.
"We're starting to see those cracks appear.
"Some states are saying, 'Register with us for a new licence, and we'll get back to you' — but that getting back to you\ might be in many months' time."
Pauline has experienced the delays first hand.
She made three trips to Queensland transport before she was able to lodge an application for a new licence after being deterred by the queue.
"They are obviously dealing with so many people that have been affected," Pauline said.
"They said everything is getting processed through Brisbane and I haven't heard that things have progressed further than that initial reporting.
"I'm anxiously waiting to hear from Brisbane that I'm going to get an ID number."
No 'absolute protection'
While it is recommended you update your licence if you are caught up in the Optus breach, Mr Lacey says there is still a risk.
"Of the many organisations that we know are targeted by identity thieves, some participate in national verification schemes," he said.
"If your licence changes, and your old licence was exposed, your old licence won't validate on that verification system, but many organisations don't participate in that.
"Even if you do change your licence, there still will be a residual risk.
"There's no absolute protection, unfortunately."