What to do if you’re affected by the Optus data breach.


“It is with great disappointment I’m writing to let you know that Optus has been a victim of a cyberattack that has resulted in the disclosure of some of your personal information.” If you received this email from Optus CEO Kelly Bayer Rosmarin, you might be left wondering what should you do now to protect yourself from identity theft, potential scams and fraud.

Optus has advised the information potentially exposed may include customers’ names, dates of birth, phone numbers, email addresses, and, for a subset of customers, addresses, and ID document numbers such as driver licence or passport numbers. Payment detail and account passwords have not been compromised. Customers that had the most fields exposed would be contacted first over the next few days. It is likely that if you are not contacted by Optus in the next few days, that you are not in this cohort of individuals.

Please note: notification from Optus is occurring via email and Optus will not provide any links in emails or contact you via sms or phone call asking you to verify any personal details or billing information. If you are contacted via SMS or phone, do not engage, contact Optus directly through a verified point of contact.

Optus has engaged IDCARE, a not-for-profit cyber security support service, to give assistance to customers who have experienced misuse of breached information as a result of the recent Optus data breach.

IDCARE has compiled the following informational FACT SHEET which can also be accessed here.

Response Considerations

IDCARE is unable to advise, on case-by-case basis, the extent of personal information or identity credentials that have been compromised through this breach.

As a precautionary measure there are proactive response actions IDCARE recommends that you may wish to consider.

Remain vigilant about scams and unsolicited calls, emails and text messages.

• Scammers often impersonate government and businesses. Never respond to requests to provide personal and account information, or access to your device.

• Make sure you disconnect and make your own enquiries.

• Never click on any links that look suspicious or provide passwords, personal or financial information

• Consider subscribing to www.scamwatch.gov.au for the latest information about scams impacting our community.

• Look out for any suspicious or unexpected activity across your online accounts and report any fraudulent activity immediately to your provider.

Wherever possible it is always recommended that any accounts you have in place are protected with multi-factor authentication.

• Talk to your account providers as to whether this security measure is available

Get your free credit reports

• Your credit reports provide a means to assess whether someone has attempted to obtain credit in your name. It is important to obtain your credit report from all three agencies as some may gather credit information others have missed.

• In Australia, you can obtain a free credit report every three months, or more often if you have been refused credit within the last 90 days, or your credit-related personal information has been corrected. To apply for your credit reports from Equifax, illion and Experian, please see IDCARE’s Fact Sheet on Credit Reports Australia.

Apply for a Credit Ban with Equifax, illion and Experian (Australia)

• IDCARE recommends applying for Credit Bans with Equifax, illion and Experian (to do this please see IDCARE’s Fact Sheet on Credit Bans Australia). Note that you can arrange a ban across all three Credit Reporting Agencies through one application with one of the individual agencies.

If you believe your Optus account has been compromised, contact Optus via My Optus app – which remains the safest way to contact Optus, or call on 133 937.

If you identify that you have experienced any misuse of your credentials, please contact IDCARE for support https://www.idcare.org/contact/get-help.

IDCARE is a national identity and cyber support service. They are a not-for-profit charity that was formed to address a critical support gap for individuals confronting identity and cyber security concerns. Specialist Identity & Cyber Security Case Managers and Analysts apply a human-centred approach to identity and cyber security. IDCARE as a registered charity does not ask individuals to donate or pay for their front line services.

[DISCLAIMER: In reaching this advice, IDCARE has assumed that the information communicated to IDCARE about this incident is accurate and reliable. IDCARE reserves the right to adjust our response should further information become available. For the full disclaimer click here to read the FACT SHEET]

Feature image: Photo by Markus Spiske on Pexels