News

On 13 January 2023, the Department of Foreign Affairs and Trade (DFAT) became aware that the login credentials (email addresses and login passwords) for a small number of customers registered with the Australian Passport Office’s (APO) online passport application portal, AusPassport, were discovered on the ‘Dark Web’.

There is no evidence to suggest these login credentials were obtained through a compromise of DFAT’s systems.

The department takes the protection of its customers’ personal information very seriously and has taken action to initiate a forced password reset for impacted AusPassport account holders.

This means these customers will be unable to access their AusPassport account without first initiating a password reset. They will be able to do this by selecting the ‘forgot your password’ link on the portal’s homepage and following the steps. 

Concerned customers can also call the APO on 131 232 for assistance.

The compromise of AusPassport login details does not impact the security or integrity of affected customers’ passports. No‑one has access to these passports. Nor can anyone get an Australian passport using an impacted customer’s personal information. DFAT uses robust controls that protect customers from identity takeover, including sophisticated facial-recognition technology.

Advice on safeguarding your personal information can be found on the APO’s webpage on protecting against scams and identity theft.

Customers can also seek help from IDCare, a not-for-profit organisation that specialises in providing advice and support to the Australian community in responding to identity theft.

Advice on how to protect yourself and your family from cyber security incidents is available on the Australian Cyber Security Centre’s (ACSC) webpage at: www.cyber.gov.au

Recent data breaches are a timely reminder to protect yourself from misuse of your personal data and scams. 

So, when someone calls you saying they’re from the Australian Passport Office (APO), how do you know it’s us? 

APO staff will only contact you to help us process a passport application for you or your child. 

What to expect when we call 

When we call you, we’ll call from a landline. The officer will provide their first name, and where they’re from. 

They’ll ask you for some information to confirm they’re talking to the right person.  

If you’re not sure if it’s really us, you can call us back on 131 232 to check. 

If it was us, the officer will confirm the call is legitimate and help you with your application. 

Other ways we may contact you 

We also send important information via emails, text messages and letters. Our messages may include: 

• requests and reminders to attend appointments 
• notification of a Registered Post tracking number to let you know your passport is on its way 
• passport renewal reminders. 

How to protect against scams  

Scams can look genuine, and it can be difficult to tell when something is fake. If you’re concerned, the IDCARE website has advice and support.  

If you’ve received a scam message or phone call, report it to Scam Watch.  

Read more about scams and identity on our website. 

Three reasons why you should get your passport before booking travel 

1. You can only apply for a visa with a valid passport. Allocate a couple of weeks (depending on the foreign embassy or consulate) from when you get your passport to apply for your visas.  

2. Some countries need proof you’re vaccinated against COVID-19 to enter. If you were vaccinated in Australia, you can use an International COVID-19 Vaccination Certificate as evidence.  This certificate is linked to the passport you’re travelling on. You can find out about the requirements of the country you’re visiting on the Smartraveller website.  

3. It can take a minimum of six weeks to get a new passport or renew your old one. Some applications, including first-time and child applications, can take longer.  

If you’ve already booked your trip and need a passport, please call 131 232 to let us know your travel dates. 

If you can’t wait at least six weeks for your passport, you can use our priority passport processing service. For more information, visit our urgent applications page 

For more tips on planning your travel, visit smartraveller.gov.au  

Some customers have received a second email from us advising their passport is being posted or is ready for collection.

If you already have your passport, please disregard this email.

This was the result of a minor system issue which has now been fixed.

This issue is not related to the Optus data breach.

If your passport has been lost or damaged in the recent floods in Victoria and New South Wales, you may be eligible for a free replacement.  Call us on 131 232 for more information.