Optus data breach – take action to protect yourself

Optus has been a victim of a recent cyber-attack. The attack may personally affect you if you are a current or past customer of Optus.

The Optus cyber-attack compromised the Personally Identifiable Information of nearly 10 million current and former Optus customers. The data breach included names, dates of birth, phone numbers and email addresses of all affected customers, along with sensitive information that may consist of passport, Medicare and driver's licence numbers.

Many organisations use the date of birth and address details to authenticate account ownership, which makes this breach particularly serious. If affected by this breach, you may be at a heightened risk of identity theft and fraud.

Those whose physical addresses, driver's licence, Medicare or passport information were impacted are also at a heightened risk of fraud, as this information can be used to apply for credit through financial institutions.

What you can do

It is vital to be aware of the heightened risk of identity theft and fraud and note that scammers and malicious actors will seek to take advantage of this breach. We also expect a significant uplift in phishing activity targeted at individuals.

We recommend that you consider the following actions.

1. Customers notified by Optus that their ID document numbers or details have been affected, change your driver’s licence, passport and Medicare card.

2. Change banking and other provider passwords and avoid using weak passwords that include a combination of your first name, surname, and date of birth. Please use strong passwords.

3. Do not click on links sent via SMS or email, especially claiming to be from Optus, a government body or banking institution, concerning this breach.

4. Check if your email address has been included in a data breach: https://haveibeenpwned.com/

5. Enable Multi-Factor Authentication for your online accounts, particularly banking accounts, and use app based authentication instead of SMS.

6. Monitor any suspicious activity across your online accounts, financial accounts, and credit reporting. Report any fraudulent activity immediately to your financial institution.

7. Be aware that scammers may have access to more of your details now, and exercise caution about suspicious calls, texts, emails, and other messages.

8. Ensure that you have a call-in 'passcode' or an online banking passcode set up with your various providers as an added security measure, and avoid using your birthdate as a passcode or pin.

If you are still concerned, you can apply for a “credit ban”. This will limit your exposure to financial fraud by freezing access to your credit file. Further information on credit bans can be found here:

• https://www.idcare.org/fact-sheets/credit-bans-australia

• https://www.cyber.gov.au/acsc/view-all-content/alerts/optus-notifies-customers-cyberattack-compromising-customer-information

• https://www.idcare.org/support-services/individual-support-services

• https://www.creditsmart.org.au/otherhelpfulservices/identity-theft/

© 2022 CPA Australia Ltd