It comes as the telecommunications giant launched an independent, external review of the circumstances surrounding the hack on its customer's data.
Affected customers started receiving emails from Optus on Sunday, while others were contacted by text message.
One customer posted a screenshot of the email to Twitter, which confirmed his driver's licence number had been taken.
Another customer posted the text she received, which said her ID documents hadn't been compromised.
"We're deeply sorry that a cyber attack has happened on our watch and for the concern it may have caused you," the message reads.
Embattled chief executive Kelly Bayer Rosmarin, who has been criticised for the way Optus has handled the attack, recommended the review to the board which unanimously agreed to it.
Ms Bayer Rosmarin said the telco was committed to rebuilding trust with its customers and the review would assist that process.
"We're deeply sorry that this has happened and we recognise the significant concern it has caused many people," she said in a statement.
She said the review would help Optus understand how the attack happened and ensure it would not happen again.
International professional services firm Deloitte will conduct the review of Optus security systems, controls and processes.
Earlier, cabinet minister Tanya Plibersek said while people had been receiving their bills on time, Optus had not told customers whether their personal details had been stolen.
"One of the real problems is the lack of communication by Optus, both with its customers and the government," she told the Seven Network on Monday.
"It's extraordinary we don't have any Medicare numbers or Centrelink numbers that may have been compromised."
Yet former home affairs minister Karen Andrews said the government's response to the breach had also been inadequate.
While she did not absolve Optus of its corporate responsibilities, Ms Andrews said the government had "failed quite dismally" in its response.
At least 10,000 parcels of ID data taken in the breach were put on the internet for sale by the hacker but were later taken down.
Cyber Security Minister Clare O'Neil said Optus needed to be up-front about what specific data had been taken.
She said the government did not know how many passport numbers had been stolen.
On Sunday, Ms O'Neil demanded Optus respond to the government's request for more information so it could help protect Australians from fraud.
The minister also criticised the former Morrison government, describing laws designed to protect Australia's critical infrastructure from cyber attacks as "absolutely useless".
Opposition cyber security spokesman James Paterson said the coalition would be open to bigger fines for breaches of the Privacy Act.
In a statement, an Optus spokesperson said the company was working with government agencies to determine which customers it needed to take action on.
22°C