Optus is currently investigating after suffering a significant data breach due to a cyberattack that may date back as far as 2017. Optus has stated that upon discovering the breach they “immediately shut down the attack”.
The famous Aussie telco has confirmed that it alerted the Australian Federal Police, the Office of the Australian Information Commissioner and other essential regulators to the attack. Following the nationwide incident, our Home Affairs Minister is “soon expected to announce several new security measures” for Australian businesses, according to the ABC.
Optus customer information that may have been breached includes:
- Names
- Dates of birth
- Phone numbers
- Email addresses
- Addresses (only affecting a subset of customers)
- ID document numbers such as driver’s licence or passport numbers (only affecting a subset of customers)
Optus has confirmed that payment details and account passwords have not been compromised. Messages and voicemails have also not been compromised, and Optus confirms its services remain safe to use and are operating as usual.
What is the next step for breached Optus customers?
- Keep an eye out for any suspicious or unexpected activity occurring in any of your online accounts including your bank accounts. If you notice something unusual, report it to the provider immediately.
- Be alert to any communication from potential scammers who may have your personal information. Do not engage with suspicious emails, texts, phone calls, or social media messages, even if the sender has your details. Report these directly to the provider (contact them via the details you have for them, NOT the details or links in the suspicious message) and to ACSC ReportCyber immediately.
- Never click any suspicious links and never provide your passwords or any personal or financial information. Optus will NOT ask you for your passwords or sensitive information and will NOT send you any links via email or text message.
How do I know if I am at risk from the Optus data breach?
We don’t know for sure which customers, or how many, have been breached. Optus is in the process of contacting the customers it knows have been directly impacted. Optus CEO, Ms Bayer Rosmarin, has stated that Optus customers with the most fields exposed are the first to be contacted and, over the coming days, all customers will find out what category they fall into in terms of the breached data risk.
I think my Optus account has been breached – what now?
If you believe your account has been compromised, the safest way to report it to Optus is via the My Optus App. Alternatively, you can call Optus on 133 937.
If you suspect your licence, ID, or passport number has been used, contact the agency that issued the identity document immediately. In Queensland, these are the agencies to contact if the details of the following documents have been stolen:
- Driver’s licence: Department of Transport and Main Roads
- Medicare card: myGov/Medicare
- Passport: Department of Foreign Affairs
Precautions to take after the Optus data breach
You may not yet know whether you have been significantly breached. To secure your data as much as possible after this cyberattack and to prevent your data from being stolen going forward, here is what we recommend:
- Set up multi-factor authentication across your online accounts
- Update your online accounts with strong passwords
- Use a password manager
If you believe your identity has been stolen, here are some steps you can take:
- Immediately report it to your bank and local police
- Report it to your social media providers (Facebook, etc.) and the providers of any online accounts you are concerned may be compromised or used by the scammer
- File a report with the Australian Cyber Security Centre
- Change the passwords on your online accounts
- Request a credit report from Equifax, Experian, or illion and consider placing a ban on your credit file to stop criminals from accessing credit in your name (ask the agency for advice)
- Contact IDcare for support – see their Response Fact Sheet – Optus Data Breach
Moving forward
Optus is continuing to assist the AFP with the criminal investigation. They are also working with the ACSC to limit the risk for both current and former customers, noting that “not everyone may be affected”.
Customers need to remain vigilant – don’t click any links or provide any personal information, and make sure to report anything to ReportCyber if you are at all suspicious. Optus will be in touch with all customers over the coming days so you will know your risk very soon. In the meantime, take whatever steps you can to secure your accounts as we have detailed.