- Scams may follow the leak of personal information and proof of identity documents
- Affected consumers urged to be on high alert for approaches by scammers
- Devices should be secured and accounts monitored closely for unusual activity
Current and former Optus customers affected by the data breach are being urged by Consumer Protection to be vigilant over the coming weeks for scams and misuse of their identity.
In addition to following any advice from Optus, consumers should take their own steps to secure their accounts and be on guard for any unauthorised activity.
Commissioner for Consumer Protection Gary Newcombe said this has been a very significant breach of trust in relation to Optus customers’ personal information.
“Those affected, which it seems can include people who have not been customers of Optus for a lengthy period, are at risk of having their identity stolen and may become the target of scammers,” Mr Newcombe said.
“This is not the time to be complacent as there is a real risk to current and former Optus customers who may have had important proof of identity documents stolen and used for criminal purposes.
“These documents may include their name, date of birth, phone number and email address, as well as driver’s licence, Medicare and passport numbers. All of these details are highly sought after by scammers and undoubtedly they will be used if they get hold of them.
“This sort of information can be used to directly contact people with scams or be used to try to apply for loans, open bank accounts or undertake other transactions in their name.
“While everyone needs to be alert to scams, current and former Optus customers now need to be especially alert. Do not click on any links in emails or text messages and don’t provide any information to people who might contact you out of the blue.
“We have released a list of recommended actions that may assist affected consumers in protecting their identity and accounts and prevent any financial losses as a result of this major data breach. A little time spent now on protecting yourself could prevent significant heartache later.”
Checklist of recommended actions and contacts for more information and advice:
- If you are concerned that your Optus account has been compromised or that you suffered any loss as a result of this data breach, and you have not yet received advice direct from Optus, contact Optus via the My Optus app or call them on 133 937.
- Change account passwords and enable multi-factor authentication for banking and any other accounts where this is available.
- Monitor your bank accounts for any unusual or unauthorised activity and contact your financial institution immediately if you have any concerns.
- Put credit and transfer limits on your accounts and act on any advice about other protective measures your financial institution recommends.
- If you have been advised that information about your drivers’ licence or passport has been leaked, consider obtaining a credit report which will reveal if someone has tried to obtain credit in your name. More information on ASIC’s Moneysmart website.
- If you suspect fraud, you can request a ban on your credit report which ‘freezes’ access to your credit file.
- If you get a call from someone posing as a credible organisation, such as a government agency or your telecommunications provider, who ask for personal information, always say no and contact that organisation by their published telephone number to confirm any issues.
- If anyone contacts you seeking access to your computer just say no. Legitimate operators do not do this.
- If you are the target or victim of a scam or believe your accounts have been compromised, lodge an online report via the Australian Cyber Security Centre (ACSC).
- If you think someone has stolen your identity, contact IDCARE, a national identity and cyber support service on 1800 595 160. They have published a Response Fact sheet specifically relating to the Optus breach.
- Optus customers who have been notified by Optus that their driver’s licence details have been released are advised by the Department of Transport to attend one of its Driver and Vehicle Service Centres with a copy of the Optus breach notice, plus two forms of primary identification to obtain a new driver’s licence.
- Optus customers who have been notified by Optus that their passport details have been released can apply to the Australian Passport Office to cancel their existing passport and apply for a new one. This will involve a cost and may delay planned travel. More information is available from the Australian Passport Office.
- You can also report the leak of your passport number to the Australian Cyber Security Centre (ACSC). After submitting your report you will receive a reference number that may assist you when communicating with banks, financial institutions, superannuation funds, Commonwealth Government agencies and other organisations.
- Medicare numbers of Optus customers may also have been leaked. The Commonwealth Government is still considering if new cards will need to be issued. Be alert to advice from the Commonwealth about this.
- If you incur any costs as a result of the Optus data breach, keep receipts and documentation as you may have a claim against Optus for compensation.