ABC News

What you should do to protect yourself after Optus data breach

Optus has now confirmed that more than two million people have had their data leaked in the recent breach, so if you've been impacted and don't know where to go from here, there's a high chance you're not alone.

So, what can you do now to protect yourself, and are there any ways to help secure your data online?

What to do now to protect yourself

Carsten Rudolph, Associate Professor of Cybersecurity at Monash University’s school of information technology, says there are some forms of ID that you can’t replace, such as your name, date of birth and address, but the ones you can replace need to be updated as soon as possible.

“If driver's licence number, passport number or even scans of the complete document are leaked, it is more critical,” Professor Rudolph says.

He says the data might be enough for a scammer to impersonate you, so getting these replaced with new documents is a must.

You’ll need the help of the organisation or government department that issued the documents to have them replaced.

How to be careful in the near future

Professor Rudolph says people should monitor their bank accounts frequently and check that there aren’t any unknown transactions.

“If there are transactions they cannot relate to anything they have done themselves, they need to immediately contact their bank,” Professor Rudolph says.

Damien Manuel, the chair of the Australian Information Security Association, says that looking ahead, people impacted by the breach should be taking extra precautions.

“They should be very careful receiving emails, calls and texts because it could be scammers that are using that information to elicit a friendlier response and try [to] trick them into either handing over additional personal information or giving them access to bank account details,” Mr Manuel says.

It’s also important to double check account numbers when making major electronic bank transfers, because scammers often trick people into paying invoices into the wrong accounts, according to Professor Rudolph.


Long-term measures to take

Mr Manuel says it’s important to be conscious of the data you’re giving away when signing up for programs.

“We’ve got to think about using our personal information to get a discount or join a loyalty program. If that data is lost, what kind of impact are we likely to suffer from an identity theft perspective? People opening up accounts in our names and accruing debt,” Mr Manuel says.

“We’ve got to think about the inconvenience every time this happens, to get our licence replaced or our passport,” Mr Manuel says.

He says there could be challenges in the future for some customers who have lost identity information.

“One of the things we’re really worried about is this is going to have a really long tail, where people may have debt collectors coming after them in a couple of years’ time, based on these accounts that have been opened and used.”

What has Optus said?

On Monday, Optus chief executive Kelly Bayer Rosmarin said more than two million customers had their personal identification documents compromised by hackers.

A message from Optus to customers

“We are deeply, deeply sorry that this could occur, especially because we genuinely care about safeguarding our customers’ information and we invest millions of dollars and we have teams of people whose job it is to prevent something like this happening.”

Optus has notified its customers with a driver's licence on record in New South Wales, the Australian Capital Territory, South Australia, the Northern Territory, Western Australia and Tasmania to confirm that they were exposed in the attack.

Customers who had a Medicare card number exposed have also been contacted.

Optus says it’s still working to provide advice to customers in Victoria and Queensland.

Extra steps to take

Professor Rudolph says there is not much people can do if their data is accessed through companies being hacked. But there are a few rules everyone can follow, like:

  • never use the same passwords for different accounts
  • don't have "easy" passwords
  • use pass phrases or password managers
  • use multi-factor authentication wherever possible.

“[Using two-factor authentication] for all important online accounts, financial services, social media, email is really important, mobile phone providers.

“However, not all second factors are equally secure. Text message, for example, depends on the phone number and, if a malicious person manages to get a mobile phone provider to transfer that number to a different SIM card, they would be able to complete this second authentication step.”
