In the wake of the breach of almost 10 million customers’ data, key talks have taken place between Financial Services Minister Stephen Jones and the consumer watchdog on the customer impacts.

The meeting on Thursday with the Australian Competition and Consumer Commission also included regulators and banking representatives.

Jones said while the response to the breach had been wide-ranging, the consequences of the incident would linger.

“There’ll be a long-tail impact of this data breach,” he told reporters in Sydney.

“There is no lack of goodwill to co-operate, from the Commonwealth, from the banks and even the telecommunications companies.

“People understand the scale of this and we are moving as fast as we can.”

Jones said Optus had a responsibility to the almost 40 per cent of Australians affected by the data breach.

It comes as the government is looking at introducing urgent reform to privacy laws.

Attorney-General Mark Dreyfus said legislative changes could be introduced to parliament by the end of the year.

“It is certainly not just simply about increasing penalties, although that will be part of the reforms we are going to look at,” he told reporters in Canberra on Thursday.

“We need to make sure that companies who are keeping Australians’ data pay absolute attention to keeping that data safe.”

However, the federal opposition has criticised the government for not implementing reform to online privacy that was recommended from a previous coalition review.

Opposition communications spokeswoman Sarah Henderson said the previous calls for reform had fallen on deaf ears.

“It should not have taken the cyber attack on Optus to wake up this government,” she said.

“The protection of Australians’ personal information online must be a high priority for the Albanese government.

“It is critical that our laws continue to be updated to ensure the online protection and safety of all Australians.”

Under the coalition proposal, large telcos and social media companies with more than 2.5 million users would be required to obtain fully informed consent to be able to use personal information, and to stop using the information on request.

Increased fines of up to $10 million for serious breaches would also apply.

The data breach prompted nearly all states and territories to allow affected residents to apply for new driver’s licence numbers.

Prime Minister Anthony Albanese has demanded Optus pay for the cost of replacing passports for customers whose data was hacked, saying it was the telco’s blunder.

“Companies need to be held to account here, and that is something my government is determined to do,” he told 5AA radio on Thursday.

Foreign Minister Penny Wong wrote to Optus chief executive Kelly Bayer Rosmarin on Wednesday, saying there was “no justification” for affected customers or taxpayers to foot the bill.

Dreyfus said he saw no reason why telcos needed to keep data used to validate identification, such as a driver’s licence or passport, for a decade.

“Obviously, the more data that’s kept the bigger the problem there is about keeping it safe – the bigger the problem there is about the potential damage that’s going to be done by a huge hack that’s occurred here,” he said.