Optus has quietly confirmed tonight the worst kept secret of last week’s Cyber Attack – your medicare number might also have been included in the exposed records.

Tonight on their website Optus published a statement saying that of the “9.8 million customer records exposed, we have identified 14,900 valid Medicare ID numbers that have not expired.”

The company also confirmed a further 22,000 expired Medicare numbers were also in the breached data.

Customers with a valid ID number will be contacted within 24 hours, while the rest will be contacted in the coming days.

Optus again has played down the breach saying that “people cannot access your Medicare details with just your Medicare number”

That doesn’t matter, it’s still very personal data.

Medicare numbers were found in the 10,000 customer records released by the alleged hacker on Tuesday, before then Optus had not mentioned that as a form of ID in the data.

Interestingly, this is the first time I am aware that Optus has confirmed the much spoken about number of 9.8 million customer records. Over the weekend the alleged hacker posted that they had 11.2 million records in one file, so how that matches with Optus’ claims is unknown.