A hacker has released 10,000 Optus customer records in a massive cyber-attack and is threatening to release more unless the telco pays the ransom demand of $1 million USD.
Customers’ names, Dates of birth, Phone numbers, and email addresses have been exposed, as well as drivers’ licenses, passport numbers and Medicare numbers for certain customers.
How do I know if I’ve been impacted by the data breach?
Optus has emailed affected customers with the adjacent email:
I’ve been impacted. What should I expect?
The two main risks are identity theft and phishing scams.
Optus customers are being advised that they may receive spam letters from Optus that appear legitimate. As the hacker is now in possession of personal information, the scammers may have enough information to take over bank accounts, or open new, fraudulent ones in the names of victims. Moreover, Optus customers may receive scam phone calls.
You may also receive suspicious voice messages allegedly reporting fraudulent activity, this is a red flag. Do not share your personal information over the phone or allow callers access to your computer.
What do I do now?
Stay vigilant with phone calls and emails.
If you receive a phone call, hang up and ring Optus on their number – not the number that called. If you receive an email and you’re not sure if it’s legitimate or not, contact Optus directly.
The main thing to remember is that Optus will not send out any emails or texts with links, so don’t click on anything.
Two-factor authentication.
Turn on two-factor identification for your online accounts, and make sure you change your passwords if you have used your Optus password anywhere else. Two-factor identification should be set up for any account related to money, such as your bank accounts, Centrelink, and superannuation. While you’re at it, best be safe and set up two-factor for social media accounts too.
Call your bank and ask them to put in place additional security questions, particularly for over-the-phone authentication.
Consider changing ID documents.
The numbers on ID documents such as passports and driver’s licences that have been compromised. There is, however, a limit to what anyone can do with this information, as the hackers do not have other details, i.e., expiry dates or the address on the card.
The Department of Foreign Affairs and Trade has advised that passports will still be safe to use and the decision to get a new passport to avoid identity fraud is up to you, if you want peace of mind.
If you’re not travelling anytime soon, cancelling your passport is a cheaper option than renewal, which avoids the usual application frees and extended wait time due to covid.
How can I help others?
Optus customers who are less tech savvy are more vulnerable to the breach. So, check in on your family and friends during this time and help them protect their personal data.
Reminding them to be careful about emails and clinking on links, and to tell them to ask for a second opinion if they are suspicious.
There are also free and paid identity theft monitoring and insurance services available, such as Norton Identity Advisor, Equifax Identity Protect, and Troy Hunt’s HaveIBeenPwned.
Major Announcement from Optus.
Optus is providing free access to Equifax Identity Protect to the millions of customers who had their passport or driver’s licence numbers compromised. If your ID documents were compromised, expect an email on how to start the service in coming days.