How to mitigate the risk of the Optus data breach

Gary Newcombe, commissioner for consumer protection, explained that a significant breach of trust in relation to Optus customers’ personal information has occurred.

“Those affected, which it seems can include people who have not been customers of Optus for a lengthy period, are at a risk of having their identity stolen and may become the target of scammers,” he said.

“This is not the time to be complacent as there is a real risk to current and former Optus customers who may have had important proof of identity documents stolen and used for criminal purposes.

“These documents may include their name, date of birth, phone number, and email address, as well as driver’s licence, Medicare, and passport numbers. All of these details are highly sought after by scammers and undoubtedly, they will be used if they get hold of them.”

Mr Newcombe detailed how “this sort of information can be used to directly contact people with scams or be used to try to apply for loans, open bank accounts or undertake other transactions in their name”.

As part of Consumer Protection’s recommendations, anyone concerned that their account has been compromised or that they have incurred any loss because of the data breach and Optus is yet to be in touch with them, contact Optus via any of the avenues. 

The group has urged individuals to also change their passwords and enable two-factor authentication for any banking and other accounts, which should also be monitored for any suspicious and unsolicited activity. If that occurs, contact your financial institution of choice. 

Additionally, they have outlined that should someone suspect they’re a victim of fraud, they should request a ban on their credit report, “which freezes access to your credit file”.

Given Optus’ concession that customers have had their driver’s licence details leaked, the Department of Transport is advising any impacted persons to “attend one of its Driver and Vehicle Service Centres with a copy of the Optus breach notice, plus two forms of primary identification to obtain a new licence”. 

Similarly, customers notified that their passport information had been breached are able to cancel their passport and apply for a new one via the Australian Passport Office at a cost. They advise that affected individuals are able to report the leak of their passport to the Australian Cyber Security Centre (ACSC), whereby they will receive a reference number that “may assist you when communicating with banks, financial institutions, superannuation funds, Commonwealth government agencies, and other organisations”. 

The Commonwealth government is still considering whether new Medicare cards will need to be issued in response to the breach. 

Finally, Consumer Protection urges anyone who incurs a cost as a result of the data breach to keep receipts and documentation in the event that a compensation claim against Optus can be made.