Australian Privacy Commissioner Timothy Pilgrim is considering whether to launch an investigation into the hacking of Gemalto SIM cards by United States and British spy agencies that experts say leaves potentially millions of Australians open to having their phone conversations or text messages monitored.

The news comes as security experts rubbished the Dutch company's claims overnight that its SIM cards – which it supplies to Telstra, Optus and Vodafone – were secure, even though the manufacturer admitted it had "probably" been hacked by the US National Security Agency (NSA) and Britain's Government Communications Headquarters (GCHQ).

Mr Pilgrim said the Office of the Australian Information Commissioner (OAIC) was making preliminary inquiries into the matter with "a number" of Australian mobile carriers, "in order to determine what, if any, further action is required."

He noted Australian Privacy Principle 11, which requires an organisation to take "reasonable steps to protect the personal information that it holds from misuse, interference and loss, and from unauthorised access, modification or disclosure".