Optus Breach and What You Can Do to Protect Yourself

September 23, 2022

On 23rd September 2022 it was reported that Optus was victim to a significant data breach that compromised the personal details of up to 9.8 million Australians.

Optus is not the first company to have been breached and it certainly wont be the last.

I am worried that my information was compromised, what should I do?

Currently reports are stating that the details exposed in the breach included names, dates of birth, phone numbers, email addresses, driver’s licence numbers, passport numbers or addresses.

Payment details and account passwords have not been compromised.

What can a criminal do with identity information?

Once a criminal has the information they need, they could:

  • apply for a credit card in your name
  • open a bank or building society account in your name
  • apply for other financial services in your name
  • run up debts (e.g. use your credit/debit card details to make purchase) or obtain a loan in your name
  • apply for any benefits in your name (e.g. housing benefit, new tax credits, income support, job seeker's allowance, child benefit)
  • apply for a driving licence in your name
  • register a vehicle in your name
  • apply for a job/employment in your name
  • apply for a passport in your name
  • apply for a mobile phone contract in your name

How can I tell if I'm a victim of identity theft?

  • mail expected from your bank has not arrived or you are receiving no post at all.
  • items appear on your bank or credit card statements that you don’t recognise
  • you applied for a government benefit but are told that you are already claiming
  • you receive invoices, bills or receipts addressed to you for goods or services you haven't asked for
  • you have been refused a financial service, such as a credit card or a loan, despite having a good credit history
  • you are notified that a mobile phone contract has been set up in your name without your knowledge
  • you have received letters from solicitors or debt collectors for debts that aren't yours

If I'm a victim, am I responsible for any fraudulent credit card or bank transactions?

If you have been a victim of identity crime and you still have your card, you should immediately report it to your bank.  In Australia you shouldn’t have to pay for anything bought on it without your permission (subject to the terms and conditions of your account).

If your card has been reported lost or stolen, you will usually not have to pay, unless it can be shown that you have acted fraudulently or without reasonable care, for example by giving your password details to someone who called or keeping your PIN number written down with your card.

Who can I contact for more information?

  1. Information about new types of identity crime and emerging scams can be found at SCAMWatch.
  2. If you want to report a scam you can complete the SCAMWatch online form or report it via the ReportCyber website.
  3. iDcare connects the community to their expert Identity & Cyber Security Case Managers who listen and provide the best advice on how to respond to data breaches, scams, identity theft, and cyber security concerns.

What should I do if I have been the victim of identify theft?

I am worried how our business might respond in similar circumstances?

How would you react if your company experiences a significant data breach?

Is your business prepared to respond to the barrage of questions that would come at you from every corner?

Download our Crisis Communications Planner to ensure you are prepared if your business was to experience a significant data breach event.

Secure your business.

"assurance"

confidence or certainty in one's own abilities.

“The business has given us assurance that they have security in place to protect our information”

Our Difference

Established and lead by industry experts.

At the helm of our privately owned, global RegTech firm are industry experts who understand that security controls should never get in the way of business growth. We empower companies large and small to remain resilient against potential threats with easily accessible software solutions for implementing information security governance, risk or compliance measures.

We support businesses every step of the way.

We don't just throw a bunch of standards at you and let you try and figure it out! We have designed a thoughtful way of supporting all businesses consider, articulate and develop security controls that suit the needs of the organisation and provide clever reporting capability to allow insights and outcomes from security assessments to be leveraged by the business and shared with third parties.

Our customers are the heart of our company.

Our platform places customers at the heart of our design process, while providing access to expert knowledge. With simple navigation and tangible results, we guarantee that all data is securely encrypted at-rest and in transit with no exceptions – meeting international standards with annual security penetration testing and ISO 27001 Certification.