The Times Australia
The Times World News

.
The Times Real Estate

.

What does the Optus data breach mean for you and how can you protect yourself? A step-by-step guide

  • Written by Jennifer J. Williams, PhD Candidate, Macquarie University
A snippet of an email received by a former Optus customer

Optus, Australia’s second largest telecommunications company, announced on September 22[1] that identifying details of up to 9.8 million customers were stolen from their customer database.

The details, dating back to 2017, include names, birth dates, phone numbers, email addresses, and – for some customers – addresses and driver’s licence or passport numbers.

According to the Australian law[2], telecommunications providers are required to hold your data while you are their customer and for an additional two years, but may keep the data for longer for their own business purposes.

This means that if you are a previous customer of Optus, your data may also be involved - although it remains unclear how long the details of past customers have been held.

A snippet of an email received by a former Optus customer
Optus has been contacting former and current customers to notify them of the data breach. The Conversation

The stolen data constitutes an almost complete suite of identity information about a significant number of Australians. Optus states they have notified those affected, but there are plenty of questions remaining.

What happens with your data next, and what can the average Australian do to protect against the threats caused by this unprecedented data breach?

Read more: How not to tell customers their data is at risk: the perils of the Optus approach[3]

What will happen to the data?

Late last week, an anonymous poster on a dark web forum posted a sample of data ostensibly from the breach, with an offer not to sell the data if Optus pays a US$1 million ransom[4]. While its legitimacy has not yet been verified, it is unlikely the attackers will delete the data and move on.

More likely, the data will be distributed across the dark net (sold at first, but eventually available for free). Cyber criminals use these data to commit identity theft and fraudulent credit applications, or use the personal information to gain your trust in phishing attacks.

Below, we outline several steps you can take to proactively defend yourself, and how to detect and respond to malicious uses of your data and identity.

What should I do if I’ve been affected?

Step 1: Identify your most vulnerable accounts and secure them

Make a list of your most vulnerable accounts. What bank accounts do you hold? What about superannuation or brokerage accounts? Do you have important medical information on any services that thieves may use against you? What accounts are your credit card details saved to? Amazon and eBay are common targets as people often keep credit card details saved to those accounts.

Next, check how a password reset is done on these accounts. Does it merely require access to your text messages or email account? If so, you need to protect those accounts as well. Consider updating your password to a new – never before used – password for each account as a precaution.

Many accounts allow multi-factor authentication. This adds an extra layer for criminals to break through, for example by requesting an additional code to type in. Activate multi-factor authentication on your sensitive accounts, such as banks, superannuation and brokerage accounts.

Ideally, use an application like Google Authenticator[5] or Microsoft Authenticator[6] if the service allows, or an email that is not listed with Optus. Avoid having codes sent to your Optus phone number, as it’s at higher risk of being stolen.

Read more: There are systems 'guarding' your data in cyberspace – but who is guarding the guards?[7]

Step 2: Lock your SIM card and credit card if possible

One of the most immediate concerns will be using the leaked data to compromise your phone number, which is what many people use for their multi-factor authentication. SIM jacking[8] – getting a mobile phone provider to give access to a phone number they don’t own – will be a serious threat.

Most carriers allow you to add a verbal PIN as the second verification step, to prevent SIM jacking. While Optus has locked SIM cards temporarily, that lock is unlikely to last. Call your provider and ask for a verbal PIN to be added to your account. If you suddenly lose all mobile service in unusual circumstances, contact your provider to make sure you haven’t been SIM jacked.

To prevent identity theft, you can place a short-term freeze (or credit ban) on your credit checks. These can help stop criminals taking out credit in your name, but it makes applying for credit yourself difficult during the freeze. The three major credit report companies, Experian[9], Illion[10], and Equifax[11] offer this service.

If you can’t freeze your credit because you need access yourself, Equifax offers a paid credit alert service[12] to notify you of credit checks on your identity. If you get a suspicious credit alert, you can halt the process quickly by contacting the service that requested the report.

A notebook with several versions of fake passwords written down
Safeguarding your data online involves looking after your passwords properly. Vitalii Vodolazskyi/Shutterstock

Step 3: Improve your cyber hygiene

These breaches don’t exist in a vacuum. The personal information stolen from Optus may be used with other information cyber criminals find about you online; social media, your employer’s website, discussion forums and previous breaches provide additional information.

Many people have unknowingly been victims of cyber breaches in the past. You should check what information about you is available to cyber criminals by checking HaveIBeenPwned[13]. HaveIBeenPwned is operated by Australian security professional Troy Hunt, who maintains a database of known leaked data.

You can search your email accounts on the site to get a list of what breaches they have been involved in. Consider what passwords those accounts used. Are you using those passwords anywhere else?

Take extra care in verifying emails and text messages. Scammers use leaked information to make phishing attempts more credible and targeted. Never click links sent via text or email. Don’t assume someone calling from a company is legitimate, get the customer support number from their website, and call them on that number.

Creating unique and secure passwords for every service is the best defence you have. It is made easier using a password manager – many free apps are available – to manage your passwords. Don’t reuse passwords across multiple services, since they can be used to access other accounts.

If you aren’t using a password manager, you should at least keep unique passwords on your most vulnerable accounts, and avoid keeping digital records of them in email or in computer files while keeping any written passwords in a safe, secure, location.

I’ve been hacked, now what?

Sometimes you can do everything right, and still become a victim of a breach, so how do you know if you’ve been hacked and what can you do about it?

If you receive phone calls, emails or letters from financial institutions regarding a loan or service you know nothing about, call the institution and clarify the situation.

You should also contact IDCare[14], a not-for-profit organisation designed to assist victims of cyber-attacks and identity theft, for further guidance. You can also report cyber crimes – including identity theft – through CyberReport[15].

Read more: How vulnerable is your personal information? 4 essential reads[16]

References

  1. ^ announced on September 22 (www.optus.com.au)
  2. ^ Australian law (www.homeaffairs.gov.au)
  3. ^ How not to tell customers their data is at risk: the perils of the Optus approach (theconversation.com)
  4. ^ with an offer not to sell the data if Optus pays a US$1 million ransom (www.theguardian.com)
  5. ^ Google Authenticator (support.google.com)
  6. ^ Microsoft Authenticator (www.microsoft.com)
  7. ^ There are systems 'guarding' your data in cyberspace – but who is guarding the guards? (theconversation.com)
  8. ^ SIM jacking (blog.mozilla.org)
  9. ^ Experian (www.experian.com)
  10. ^ Illion (www.illion.com.au)
  11. ^ Equifax (www.equifax.com)
  12. ^ paid credit alert service (www.equifax.com)
  13. ^ HaveIBeenPwned (HaveIBeenPwned.com)
  14. ^ IDCare (www.idcare.org)
  15. ^ CyberReport (www.cyber.gov.au)
  16. ^ How vulnerable is your personal information? 4 essential reads (theconversation.com)

Read more https://theconversation.com/what-does-the-optus-data-breach-mean-for-you-and-how-can-you-protect-yourself-a-step-by-step-guide-191332

The Times Features

Why You Need an Expert Electrician for Your Business’s Electrical Upgrades and Repairs

When it comes to maintaining and upgrading your business’s electrical systems, it’s essential to call in a professional. Electrical work in any commercial setting requires the ex...

Why Is It Crucial to Have a Building Inspection Done Before Buying a New Home?

Purchasing a new property is a big financial decision that can impact your future for years. Whether you are a first-time buyer or an investor, good or bad, it is essential to en...

Online Application for Sick Leave Certificate: Understanding When and How to Secure One

A sick leave certificate is an official document issued by a healthcare professional to verify an individual's inability to attend work due to illness. It typically includes the ...

A No-Fuss Guide to an Effective Beauty Routine

Taking care of the skin and appearance need not be complicated; it need not even consume your hours of time. Smart and simple approaches can give one that glow and fresh look witho...

Safe & Effective Tattoo Removal in Auckland – What You Need to Know

If you're looking for tattoo removal in Auckland, modern laser technology offers the safest and most effective way to fade or completely remove unwanted ink. Whether it's an outd...

Fleece-Lined Tights vs. Regular Tights: What’s the Difference?

When temperatures drop, choosing the right pair of tights can make a significant difference in comfort, warmth, and durability. Whether you wear tights for fashion, work, or outdoo...

Times Magazine

The Ultimate Guide to Apple Watch Faces & Trending Wallpapers

In today’s digital world, personalization is everything. Your smartwatch isn’t just a timepiece—it’s an extension of your style. Thanks to innovative third-party developers, customizing your Apple Watch has reached new heights with stunning designs...

The Power of Digital Signage in Modern Marketing

In a fast-paced digital world, businesses must find innovative ways to capture consumer attention. Digital signage has emerged as a powerful solution, offering dynamic and engaging content that attracts and retains customers. From retail stores to ...

Why Cloud Computing Is the Future of IT Infrastructure for Enterprises

Globally, cloud computing is changing the way business organizations manage their IT infrastructure. It offers cheap, flexible and scalable solutions. Cloud technologies are applied in organizations to facilitate procedures and optimize operation...

First Nations Writers Festival

The First Nations Writers Festival (FNWF) is back for its highly anticipated 2025 edition, continuing its mission to celebrate the voices, cultures and traditions of First Nations communities through literature, art and storytelling. Set to take ...

Improving Website Performance with a Cloud VPS

Websites represent the new mantra of success. One slow website may make escape for visitors along with income too. Therefore it's an extra offer to businesses seeking better performance with more scalability and, thus represents an added attracti...

Why You Should Choose Digital Printing for Your Next Project

In the rapidly evolving world of print media, digital printing has emerged as a cornerstone technology that revolutionises how businesses and creative professionals produce printed materials. Offering unparalleled flexibility, speed, and quality, d...

LayBy Shopping