In light of the Optus data breach, where 10 million customers had their data stolen, the Australian Government is considering creating a federated digital identity system using myGov or its myGovID system. Critics say that the system could have its own security flaws against hackers.
Optus’s data breach is said to be the worst Australia has seen, resulting in the loss of customer’s personal data including passport numbers, driver’s licence and Medicare numbers. Optus is a subsidiary of Singapore Telecommunications Ltd and the second largest telecoms providers in Australia.
The federal government plan to develop a single digital identity that enterprises can leverage to authenticate their customers without storing their personal information.
David Thodey, former Telstra chair, led an “expansive” audit of myGov with a panel comprised of Human Rights Commissioner Edward Santow, eSafety Commissioner Julie Inman Grant, Uber’s former head of global economic policy Amit Singh and social epidemiologist Professor Emily Banks.
At the time of the audit, in a statement Thodey said the panel “would consult with myGov users, states and territories, the Australian Public Service and peak bodies to help inform the recommendations.”
Bill Shorten, Government Services Minister, said Thodey will now assess whether myGov is capable of single factor authentication, preventing the need to present ID documents multiple times.
A digital ID system was introduced by the coalition government in 2021 as a secure method of verifying identity to access government services and in October 2021, a draft of the Trusted Digital Identity Bill was circulated but not brought before parliament.