Australians had their personal data held to ransom following a cyberattack that exposed the records of 9.8 million current and former customers at Optus, the country’s second-largest mobile phone network provider.

The fallout from the breach is ongoing and involves not just Optus and its Singapore-based parent company, Singapore Telecommunications, trying to calm public nerves and find out what happened and how. A range of Australian federal and regional government agencies are attempting to fight fires and reassure citizens their health insurance, passport information, and driver’s license details are either safe or will be so again.

On Sept. 22, Optus issued its first public statement about the cyberattack that exposed customers’ names, dates of birth, phone numbers, and email addresses. For some customers, addresses, driver’s license details, and passport numbers were also exposed; Optus has since confirmed the government identification numbers of 2.1 million customers were compromised.