On 23rd September 2022 it was reported that Optus was victim to a significant data breach that compromised the personal details of up to 9.8 million Australians.

Optus is not the first company to have been breached and it certainly wont be the last.

I am worried that my information was compromised, what should I do?

Currently reports are stating that the details exposed in the breach included names, dates of birth, phone numbers, email addresses, driver’s licence numbers, passport numbers or addresses.

Payment details and account passwords have not been compromised.

What can a criminal do with identity information?

Once a criminal has the information they need, they could:

• apply for a credit card in your name
• open a bank or building society account in your name
• apply for other financial services in your name
• run up debts (e.g. use your credit/debit card details to make purchase) or obtain a loan in your name
• apply for any benefits in your name (e.g. housing benefit, new tax credits, income support, job seeker's allowance, child benefit)
• apply for a driving licence in your name
• register a vehicle in your name
• apply for a job/employment in your name
• apply for a passport in your name
• apply for a mobile phone contract in your name

How can I tell if I'm a victim of identity theft?

• mail expected from your bank has not arrived or you are receiving no post at all.
• items appear on your bank or credit card statements that you don’t recognise
• you applied for a government benefit but are told that you are already claiming
• you receive invoices, bills or receipts addressed to you for goods or services you haven't asked for
• you have been refused a financial service, such as a credit card or a loan, despite having a good credit history
• you are notified that a mobile phone contract has been set up in your name without your knowledge
• you have received letters from solicitors or debt collectors for debts that aren't yours

If I'm a victim, am I responsible for any fraudulent credit card or bank transactions?

If you have been a victim of identity crime and you still have your card, you should immediately report it to your bank.  In Australia you shouldn’t have to pay for anything bought on it without your permission (subject to the terms and conditions of your account).

If your card has been reported lost or stolen, you will usually not have to pay, unless it can be shown that you have acted fraudulently or without reasonable care, for example by giving your password details to someone who called or keeping your PIN number written down with your card.

Who can I contact for more information?

1. Information about new types of identity crime and emerging scams can be found at SCAMWatch.
2. If you want to report a scam you can complete the SCAMWatch online form or report it via the ReportCyber website.
3. iDcare connects the community to their expert Identity & Cyber Security Case Managers who listen and provide the best advice on how to respond to data breaches, scams, identity theft, and cyber security concerns.

What should I do if I have been the victim of identify theft?

• Get a free copy of your credit report every 3 months to check for any fraudulent application for credit made in your name.
• Apply for a Commonwealth victims certificate.

I am worried how our business might respond in similar circumstances?

How would you react if your company experiences a significant data breach?

Is your business prepared to respond to the barrage of questions that would come at you from every corner?

Download our Crisis Communications Planner to ensure you are prepared if your business was to experience a significant data breach event.