Following a large-scale data breach, millions of Optus customers across the country are at increased risk of having their personal information stolen with an estimated 9 million people thought to be impacted.
The information which could have been compromised and stolen includes customers’ names, dates of birth, phone numbers, email addresses, and in some instances address details, and ID document numbers such as driver’s licence or passport numbers.
Optus stressed that payment details and account passwords have not been compromised as the telco scrambles to secure the information of millions of its customers.
Following the breach, Optus CEO Kelly Bayer Rosmarin said “we are devastated to discover that we have been subject to a cyberattack that has resulted in the disclosure of our customer’s personal information to someone who shouldn’t see it”.
“As soon as we knew, we took action to block the attack and began an immediate investigation. While not everyone maybe affected and our investigation is not yet complete, we want all of our customers to be aware of what has happened as soon as possible so that they can increase their vigilance,” Rosmarin said.
“We are very sorry and understand customers will be concerned. Please be assured that we are working hard, and engaging with all the relevant authorities and organisations, to help safeguard our customers as much as possible.
“Optus has also notified key financial institutions about this matter. While we are not aware of customers having suffered any harm, we encourage customers to have heightened awareness across their accounts, including looking out for unusual or fraudulent activity and any notifications which seem odd or suspicious.”
Hi, we are working closely with the Australian Cyber Security Centre, key regulators and authorities to mitigate any risks to customers. We also notified the Australian Federal Police and financial institutions.(1/3)
— Optus (@Optus) September 22, 2022
Optus’ apology did little to placate the millions impacted by the data breach who were left furious that their personal information had been compromised and who took to social media to vent their frustration.
I only just got this email from Optus myself ????
So tempted to message them demanding to waive my next bill due on October 11th…
the absolute nerve of them to keep demanding money from us after all our personal info being outed… :/#OptusDataBreach #OptusHack pic.twitter.com/3IYkWeJIA5
— Beo: King of Swallowtail Woods (@BeoSwallowtail) September 23, 2022
The #optus hack is terrifying.
With all that ID data including emails, mobile numbers. It takes only ONE MORE BREACH of your system and the hackers can get into all your accounts.
The hackers just need to get access to your email account. Then can reset almost any password.
— Tech, Creating Jobs, Tranquility, a better world (@stu6162) September 23, 2022
Talking to a mate today, an ID expert. Having a chat about #OptusHack So hackers have 100points of ID for 10million Australians. Every bank and every government agency now has to be on high alert. @9NewsMelb spent 15seconds on it. #auspol This is huge.
— Christopher Prince (@zinifax) September 25, 2022
#OptusHack Finally received an email(???) from Optus to say all my data breached and now I have to monitor for suspicious activity. Why did you take all that sensitive information in the first place if you could not protect it? #optusfail
— BethinCanberra (@ElbK19) September 23, 2022
Email from Optus confirming the hackers have my name, DOB, email, phone number, home address, drivers licence number and passport number.
— Stephen ???????? (@TheAviator1992) September 24, 2022
So Optus has been hacked and customers have had their passports, driver’s licence, email and residential addresses hacked. Optus has a duty of care to keep this data offline, to avoid a hack. This is a massive breach of trust. #ClassActionLawsuit pending #Optus #OptusFailure
— MrSmith2022 (@blue01dragonfly) September 24, 2022
— Eagle Sam (@samthe_eagle) September 23, 2022
— Maca_rojasR (@mrojasrusque) September 23, 2022
I go to pretty great lengths to protect my identity. So the Optus hack is incredibly frustrating.
I hope there’s a class action.
I hope there is federal action too. There was 0 reason for Optus to be holding that data.
— Will (@batmangrundies) September 24, 2022
Following the breach, Scamwatch alerted customers as to what to be on the lookout for when it comes to unusual activity and what can be done if personal information has been compromised.
Scamwatch advised Optus customers to “take immediate steps to secure all of their accounts, particularly their bank and financial accounts” and “monitor for unusual activity on your accounts and watch out for contact by scammers”.
Scamwatch is warning Optus customers to take urgent action to secure their accounts and personal information following a cyber-attack. Watch out for contact from scammers who may have your personal information. https://t.co/Ps5gj2KDXL pic.twitter.com/UXHXyNdqIo
— Scamwatch_gov_au (@Scamwatch_gov) September 22, 2022
In order to protect personal information, Scamwatch suggests changing online account passwords and enable multi-factor authentication (particularly for online banking), check accounts for unusual purchases, and placing spending limits on bank accounts.
Those who are concerned that their personal information has been stolen are urged to contact their bank immediately and call IDCARE on 1800 595 160.