Australians should think twice before handing their personal data over to companies as corporate hacks drive a surge in scam reports, outgoing ACCC deputy chair Delia Rickard says.

Ms Rickard has called for a “major review” into the massive quantities of data businesses are collecting on customers and how they’re storing it, saying the hacks of Medibank and Optus should be a wake-up call as millions face having their private lives exposed by criminals.

“My daughter got a rental recently – I was appalled beyond belief by what she had to hand over,” Ms Rickard said.

“[They wanted] a tax file number, Medicare and passport documentation.

“It’s really worrying, because you don’t know, even if they take it, you have to email it and that’s an additional vulnerability. You don’t know what they’ve done with it, do they keep it forever?”

Major review of data collection

“There needs to be a major review of what data is collected and how long it’s used.”

Ms Rickard’s comments come as the purported hackers behind a data breach at Medibank said on Tuesday they would soon dump the personal information of almost 10 million people online.

The data includes names, addresses, emails and phone numbers. Almost 500,000 customers have also had their sensitive medical data stolen, including details about medical procedures.

Ms Rickard told TND the theft of medical data was “extremely concerning” and would result in Australians being “traumatised” as well as fuelling a surge in more sophisticated financial scams.

Already this year the ACCC has tracked a 90 per cent rise in scam-related financial losses, with more than $400 million reported to date. About a third of losses are thought to go unreported.

It’s feared scammers will use treasure troves of data leaked by hackers to personalise scams to individuals, or even use private medical data to extort victims.

“Scammers will always pretend to be a trusted entity, and it’s very hard to tell – you can’t when you’re online,” Ms Rickard said. “Scammers don’t need a lot of information about you to personalise scams.”

‘Double-edged sword’ on data crackdown

The federal government is scrambling to update Australia’s privacy laws after the corporate hacks, including tougher penalties for businesses and better controls on data storage.

Deputy Treasurer Stephen Jones said on Monday the government would do what was needed to protect Australians from cyber criminals.

“Why do I have to give out my driver’s licence and personal details to get into a pub? And when I do that, how’s that information being stored?” he said.

But experts believe a much broader re-think of how businesses collect personal information will be needed to combat a massive spike in cyber crime targeting Australians.

One key issue, according to Edith Cowan University senior lecturer Mohiuddin Ahmed, is that the data that companies collect cannot be easily separated from the digital services we all expect.

“This is a double-edged sword,” he said.

“These are all business decisions, [and] we’d be deprived of some services run by these companies.”