
Optus Data Breach

Practical Tips on how to protect yourself and your identity 

Optus customers, please read. If, like me, you have received the Optus notification of their hacked systems, which means ALL your sensitive data has been exposed, here are some steps to take to protect yourself from identity theft. I’ve updated the tips I wrote previously and added some new ones.

First and foremost, contact Optus to determine exactly what data they believe has been exposed. This will help you chart your next steps.

If it is your name, address, DOB and email, this still leaves you exposed and the first set of steps should be taken.

Name, DOB, email, address

  1. The email address Optus has should be considered burned. Do not use it anywhere for anything that contains sensitive data. Stop using this email for ANY and ALL financial systems and websites that have your sensitive data. Create a new email address and use it for all sites that manage your sensitive data. This includes places like:
    1. Banks
    2. MyGov  & MyGovID
    3. Tax Department
    4. Medicare
    5. Your Health Fund
    6. Your doctor 

    Set up a new email address, one that is JUST for your financial and sensitive data information providers, i.e. the list above. Contact each of them and change your email address with those organisations. If your MyGov account uses the same email as the email Optus have on you

  2. Optus are providing 1 year of the Equifax credit reporting, identity & credit monitoring tool for free. Contact Optus for a code, then go to https://www.equifax.com.au/optus
    1. While you're on the call with Optus finding out what data was lost, request that they provide you with 12 months of the free Equifax credit monitoring and reporting service.

  3. Contact your bank(s), notify them that your data has been exposed in the Optus breach, and ask them to put a note on your file.

  4. Make sure all your financial systems have multi-factor authentication (MFA) enabled. In fact, you should enable it on any system that offers it.
    1. Preferably use a software token or hardware token. A lot of banks still use SMS/text messages, which is a problem if a hacker ports your phone number to another network and now has access to your bank's SMS messages.

License, Medicare and/or Passport

  1. If you were notified by Optus that your data was breached, then it is HIGHLY likely this also includes your Medicare number. You will need to TRANSFER to a new card (to get a new number) by submitting this form plus a copy of existing ID, which you can send to them via email (the email address is on the form): https://www.servicesaustralia.gov.au/ms011

  2. Put a ban on your credit reporting. This will block anyone from applying for credit in your name: https://www.equifax.com.au/eform/submit/credit-ban - Illion and Experian also provide this facility.
    1. There are limits on this ban - I believe it's now down to 21 days - but you can get it extended with evidence of cyber crime. This includes a report from the cyber crime reporting system - see below.

  3. Report cybercrime at https://www.cyber.gov.au/acsc/report so that you can get an extension on your credit ban and so that, if there is an issue of fraud in the future, you have this event documented.

  4. If your bank uses text/SMS verification (MFA), ask them to switch you to software tokens (Google Authenticator or similar). If they don’t offer software or hardware tokens, you should seriously consider changing banks. You WILL be a victim of fraud, as was a CEO client of mine. Just a matter of time. The hierarchy of MFA security goes like this:
    • Email MFA – worst
    • Text MFA – slightly better security, but subject to your phone number being stolen/ported. The Optus data breach means hackers/scammers now have a massive list of phone numbers to port somewhere. They also know that EVERYONE will be using this phone number on their bank and other sensitive data locations.
    • Software Token MFA – the de facto minimum standard for security; banks not using it should be avoided
    • Hardware Token MFA – the best level of token security
    • Physical Security Key – requires insertion into a computer and a physical touch to complete a transaction; best security available, but not widely known or adopted.
  5. Change your phone number, or get a new phone number via eSIM (obviously with another provider), and update all your financial systems to use the NEW number. This will prevent scammers from porting your number away and then using your phone/SMS verifications to access your bank details.
    1. This was the advice I provided a CEO client and it was ignored because it was too hard, and they were a victim of fraud a second time.

  6. VicRoads will give you a new license and license number and charge the cost back to Optus. If you were notified by Optus that your details were breached and you have a Victorian driver's license, go directly here: https://www.vic.gov.au/victorian-drivers-licence-record-flag-optus-breach - more info on other states below.

  7. Contact your local road authority (see the specifics for Victoria above):
    1. NSW - https://www.service.nsw.gov.au/optus-breach
    2. VIC - https://www.vic.gov.au/victorian-drivers-licence-record-flag-optus-breach
    3. QLD - https://www.qld.gov.au/transport/licensing/update/change-your-customer-reference-number
    4. SA - https://service.sa.gov.au/news?a=1112633
    5. ACT - https://www.accesscanberra.act.gov.au/s/article/Information-about-the-Optus-data-breach
    6. WA - https://www.transport.wa.gov.au/aboutus/37546_48564.asp
    7. TAS - https://www.service.tas.gov.au/services/me-and-my-identity/personal-information-card/impacted-by-the-recent-optus-cyberattack
    8. NT - can’t find anything

  8. Passports - contact Optus to find out if your passport number was included in the data breach. If yes, you should apply for a new passport and get a new passport number: https://www.passports.gov.au/optus-data-breach-0

If you would like to know more or need help with aspects of your IT, including the topics covered above, click on the contact button for an obligation-free chat.