Optus data breach

On 22 September 2022, Optus announced that it was the victim of a cyberattack. As a result, the personal details of current and former Optus customers may be in the hands of criminals.

The ACCC’s Scamwatch is advising Optus customers to watch out for scams following this data breach, and provides advice on how to stay protected.

 

What data has been compromised?

Optus states that the information which has been exposed is:

  • Name.
  • Date of birth.
  • Email.
  • Phone number.
  • Address associated with account or former account.
  • Numbers of the ID documents that were provided to Optus such as driver’s licence number or passport number.

Importantly, no financial information or passwords have been accessed.

 

What is the potential impact?

Scamwatch is advising Optus customers that they may be at risk of identity theft.

Identity theft is a form of cybercrime where criminals access another individual’s personal information without their consent, to gain benefits or steal money. The criminal may use the personal information to:

  • Transfer money from your account to theirs.
  • Apply for credit or loans under your name and leave you with the debt.
  • Steal sensitive and confidential information such as employer’s files.
  • Steal your tax refund or Medicare benefits.

 

How to protect yourself

 

Advice from Optus

Optus states that it is currently not aware of customers or former customers having suffered any harm, but it encourages them to have heightened awareness across their accounts, including:

  • Look out for any suspicious or unexpected activity across your online accounts, including your bank accounts. Make sure to report any fraudulent activity immediately to the related provider.
  • Look out for contact from scammers who may have your personal information. This may include suspicious emails, texts, phone calls or messages on social media.
  • Never click on any links that look suspicious and never provide your passwords, or any personal or financial information.
  • If people call you posing as a credible organisation and request access to your computer, always say no.

 

Advice from Scamwatch

Scamwatch provides similar advice:

  • Secure your devices and monitor for unusual activity.
  • Change your online account passwords and enable multi factor authentication for banking.
  • Check your accounts for unusual activity such as items you haven’t purchased.
  • Place limits on your accounts or ask your bank how you can secure your money.
  • If you suspect fraud you can request a ban on your credit report.

 

What to do if you become a scam victim

If you are concerned that your identity has been compromised or you have been a victim of a scam, you should:

  • Contact your bank and relevant financial institutions immediately.
  • Call IDCARE on 1800 595 160. IDCARE is Australia’s national identity and cyber support service.
  • Report the incident. There are multiple avenues available for reporting a cybercrime. You may report to:
    • Scamwatch – run by the Australian Competition & Consumer Commission (ACCC).
    • ReportCyber – run by the Australian Criminal Intelligence Commission (ACIC).

Nyman Gibson Miralis provides expert advice and representation in complex cybercrime cases.

Contact us if you require assistance.