top of page

Optus data breach: who is affected, what has been taken and what should you do?


After a malicious cyber-attack, customers of Australia’s second-largest telco are advised they could be at risk of identity theft


Australia’s second-largest telco, Optus, has suffered a massive data breach, with the personal information of potentially millions of customers compromised by a malicious cyber-attack.

It is believed the attackers were working for a criminal or state-sponsored organisation.


The government’s Scamwatch, run by the Australian Competition and Consumer Commission, said: “If you are an Optus customer, your name, date of birth, phone number, email addresses may have been released.”

“For some customers identity document numbers such as driver’s licence or passport numbers could be in the hands of criminals. It is important to be aware that you be may be at risk of identity theft and take urgent action to prevent harm.”


How many people are affected?

On Thursday Optus could not reveal how many of its 9.7 million subscribers in Australia had been compromised, but its chief executive, Kelly Bayer Rosmarin, said the number was “significant”.

“We want to be absolutely sure when we come out and say how many,” she told the ABC’s Afternoon Briefing.

“We’re so deeply disappointed because we spend so much time and we invest so much in preventing this from occurring.

“Our teams have thwarted a lot of attacks in the past and we’re very sorry that this one was successful.”

What information was taken?

Optus confirmed that customers’ names, dates of birth, phone numbers and email addresses may have been exposed.


Street addresses, driving licence details and passport numbers of some customers were also accessed.

Optus said payment details and account passwords had not been compromised and its phone services remained safe to operate.

The Office of the Australian Information Commissioner (OIAC) warns that only a small amount of information is needed to compromise a person’s identity.

“Your identity can be stolen if a thief accesses your personal information, including from any document that contains information about you,” the OAIC website says. “Even if a thief only accesses a small amount of your personal information, they may be able to steal your identity if they can find out more about you from public sources. This includes social media accounts which may include your date of birth, photos and information about your family.

“Identity fraud can result in someone using another individual’s identity to open a bank account, get a credit card, apply for a passport or conduct illegal activity.”

How do I know if I am at risk?

Advertisement

Optus has said it will contact any customers it believes are at heightened risk of being compromised, sending personal notifications and offering third-party monitoring services.

Customers who believe their data may have been compromised, or who have specific concerns, were asked to contact Optus through the My Optus App (the company said this is the safest way to interact with Optus), or by calling 133 937.

Optus said it would not send links in any emails or SMS messages. Users should never click on a link purporting to inform them their personal information has been compromised.

What should I do to protect my details?

Scamwatch has advised Optus customers to secure their personal information by changing online account passwords and enabling multifactor authentication for banking.

Read moreAffected customers should also place limits on bank accounts, monitor for any unusual activity and request a ban on credit reports if any fraud is suspected. “It is important to be aware that you be may be at risk of identity theft and take urgent action to prevent harm,” Scamwatch said in a statement. “Scammers may use your personal information to contact you by phone, text or email. “Never click on links or provide personal or financial information to someone who contacts you out of the blue.” What is the government doing to help?The home affairs minister, Clare O’Neil, said the Australian Cyber Security Centre was providing advice and technical assistance to Optus, and that Australian companies and organisations were being consistently targeted by cybercriminals and hostile nations. O’Neil said: “All Australians and Australian organisations need to strengthen their cyber defences to help protect themselves against online threats.” The minister advised people concerned they may have been a victim of cyber-attack to visit cyber.gov.au.

… we have a small favour to ask. Tens of millions have placed their trust in the Guardian’s fearless journalism since we started publishing 200 years ago, turning to us in moments of crisis, uncertainty, solidarity and hope. More than 1.5 million supporters, from 180 countries, now power us financially – keeping us open to all, and fiercely independent. Unlike many others, the Guardian has no shareholders and no billionaire owner. Just the determination and passion to deliver high-impact global reporting, always free from commercial or political influence. Reporting like this is vital for democracy, for fairness and to demand better from the powerful. And we provide all this for free, for everyone to read. We do this because we believe in information equality. Greater numbers of people can keep track of the events shaping our world, understand their impact on people and communities, and become inspired to take meaningful action. Millions can benefit from open access to quality, truthful news, regardless of their ability to pay for it. Every contribution, however big or small, powers our journalism and sustains our future. Support the Guardian from as little as $1 – it only takes a minute. If you can, please consider supporting us with a regular amount each month. Thank you.


Referring Links: www.theguardian.com

5 views0 comments

Comments


bottom of page