On 13 January 2023, the Department of Foreign Affairs and Trade (DFAT) became aware that the login credentials (email addresses and login passwords) for a small number of customers registered with the Australian Passport Office’s (APO) online passport application portal, AusPassport, were discovered on the ‘Dark Web’.
There is no evidence to suggest these login credentials were obtained through a compromise of DFAT’s systems.
The department takes the protection of its customers’ personal information very seriously and has taken action to initiate a forced password reset for impacted AusPassport account holders.
This means these customers will be unable to access their AusPassport account without first initiating a password reset. They will be able to do this by selecting the ‘forgot your password’ link on the portal’s homepage and following the steps.
Concerned customers can also call the APO on 131 232 for assistance.
The compromise of AusPassport login details does not impact the security or integrity of affected customers’ passports. No‑one has access to these passports. Nor can anyone get an Australian passport using an impacted customer’s personal information. DFAT uses robust controls that protect customers from identity takeover, including sophisticated facial-recognition technology.
Advice on safeguarding your personal information can be found on the APO’s webpage on protecting against scams and identity theft.
Customers can also seek help from IDCare, a not-for-profit organisation that specialises in providing advice and support to the Australian community in responding to identity theft.
Advice on how to protect yourself and your family from cyber security incidents is available on the Australian Cyber Security Centre’s (ACSC) webpage at: www.cyber.gov.au