As you are probably aware, late last week, Optus announced it had been the victim of a cyberattack that exposed customers’ personal information.
Data of up to 9.8 million Australians, including customers’ names, dates of birth, phone numbers, email addresses, and, for a subset of customers, addresses, ID document numbers such as driver's licence or passport numbers have been stolen by the cyber attacker. Payment details and account passwords are not believed to have been compromised at this time.
Below are the answers to some common questions for Optus customers, both business and personal.
What has happened?
Unfortunately, customer personal details have been accessed and Optus are providing details on their website. Optus is working with the ACSC to investigate and better understand the scope of the attack and the customers impacted.
How do I know if I’m impacted?
Under Australian law, Optus must notify any customers when a data breach involving personal information is likely to result in serious harm, and this certainly qualifies. However, it may take Optus some time to identify which customers were and weren’t affected and exactly what data was exposed for each customer.
If you are an Optus customer, we recommend taking precautions now rather than waiting until you have been contacted.
What could a cybercriminal do with my data?
The worrying element of this breach is the loss of identification data, such as driver’s licences and passport numbers. A cybercriminal could use these to apply for credit cards, bank accounts or other lines of credit in your name, leaving you with a lengthy and time-consuming process to prove the bills were not yours.
What can I do about it?
In order to prevent another person from taking credit out in your name, you may wish to apply for a credit ban. This prevents new credit from being taken out in your name and will need to be done separately for each of Australia’s three credit agencies – Equifax, illion, and Experian. More information about credit bans can be found here.
You should also monitor your bank accounts and credit reports closely for any unusual or suspicious activity.
While Optus has said passwords were not exposed, it’s still a good idea to change your password for Optus services and any other services that use the same password. If you use the same password for many accounts this may be a daunting task, and you may wish to consider a password manager to make this process easier going forwards.
Optus has also advised that for customers believed to have heightened risk, Optus will undertake proactive personal notifications and offer expert third-party monitoring services. So look out for notifications from Optus that you were impacted and if these services are being offered to you.
Where can I find more information?