Optus has announced that a cyberattack has resulted in the disclosure of customers’ personal information to someone who shouldn’t see it.
Information which may have been exposed includes customers’ names, dates of birth, phone numbers, email addresses, and, for a subset of customers, addresses, ID document numbers such as driver’s licence or passport numbers. Payment detail and account passwords have not been compromised.
As at 26 September 2022, Optus has sent an email or SMS to all customers whose ID document numbers, such as licence or passport number, were compromised because of the cyberattack. They will continue to reach out to customers who have had other details such as their email address, illegally accessed.
Notification from Optus is occurring via email and Optus will not provide any links in email or contact you via SMS or phone call asking you to verify any personal details or billing information. If you are contacted via SMS or phone, do not engage, contact Optus directly through the My Optus App or on 133 937.
IDCARE, the national identify and cyber support service, has developed a fact sheet for concerned Optus customers that provides tips on protecting yourself from scams.
The Office of the Australian Information Commissioner, the independent national regulator for privacy, has also provided advice regarding the Optus data breach.
Protecting your credit report
Criminals may attempt to use the stolen information to take out loans in your name, especially if the information includes ID document numbers, such as driver’s licence or passport numbers.
To help prevent this from happening, you can request a ban be put on your credit report which is held by a ‘credit reporting body’.
You can apply for a ban from any of the three different credit reporting bodies. When requesting a ban with one credit reporting body, you can also ask the credit reporting body to arrange a ban with the other two credit reporting bodies.
To arrange a ban, go to any one of the following:
- Equifax: Go to Placing a ban with Equifax and fill in and submit the form. Once submitted, Equifax will email you to let you know the ban is in place.
- illion: Go to Placing a ban with illion and fill in and submit the form. Once submitted, illion will email you to let you know the ban is in place.
- Experian: Go to Placing a ban with Experian and fill in and submit the form. Once submitted, Experian will email you to let you know the ban is in place.
The ban will initially apply for 21 days.
During that time, a credit provider will not be able to access your credit report, which should stop any loans from being approved. If you are legitimately applying for credit while there is a ban on your credit report, you should talk to the credit provider before submitting the application. They will let you know what to do (which may include waiting until the ban period ends before applying or requesting the credit reporting body to lift the ban).
If you think that you are still at risk of becoming a victim of fraud after the 21 days, you can ask for an extension of the ban period by contacting any one of the credit reporting bodies before the initial ban ends. You may be asked to provide evidence supporting why you think you are still at risk.
Getting a free copy of your credit report
Getting a copy of your credit report from each of the credit reporting bodies will help you identify any suspicious activity on your credit report (which could be an indication that a criminal has fraudulently applied for credit using your information). You can get a free copy of your credit report every three months from each of the credit reporting bodies by following these instructions.
Other protections for customers most affected
Optus has announced that they are offering customers who are most affected by the cyberattack the option of taking up a 12-month subscription to Equifax Protect at no cost. Equifax Protect is a credit monitoring and identity protection service that can help reduce the risk of identity theft. Optus will contact those customers over the coming days on how to start their subscription at no cost.