Australia’s second-largest telco was hacked this week, impacting millions of customers around Australia. Here’s what happened and what you need to do to protect yourself after the Optus hack.
What Happened In The Optus Hack?
Optus is the largest Australian telco to be hit by hackers.
- Optus is Australia’s second-largest telco
- Optus is a subsidiary of Singtel
- As of 2019 the company has 10.5 million subscribers
- Telcos are popular targets for both state-based and criminal hackers. Last year, T-Mobile,
the second largest mobile carrier in the U.S. had the personal information of at least 47 million
customers were stolen by hackers.
The Optus Hack – Key Facts
On the 22nd of September 2022, Optus announced via a press release that it was dealing with a cyberattack.
- The attack was immediately shut down.
- The company is investigating the incident.
- The company did not disclose details of the security breach.
- The threat actor might have stolen the personal data of its customers.
Optus didn’t say how many users were impacted by this incident, but the number may be as
high as 9.8 million.
Optus notified the Australian Cyber Security Centre, Australian Federal Police, and the
Office of the Australian Information Commissioner.
Major financial institutions were also notified.
As this is now the subject of an ongoing criminal investigation it could be some time before
further details are released.
The Impact
Personal information which may have been exposed includes:
- Customers’ names
- Dates of birth
- Phone numbers
- Email addresses
- Addresses
- ID document numbers such as driver’s licenses or passport numbers.
The data breach includes current and former customers’ information.
Stolen personal information could be used for:
- Identity theft, especially to compromise bank accounts.
- To create convincing email, social messaging, SMS or phone phishing attacks.
Optus says it is in the process of contacting customers who have been impacted directly.
Optus says it will offer expert third-party monitoring services. We’re not sure yet what that means.
SIM Swaps & Replacements and Change of Ownership have been temporarily halted via Optus online, phone, and messaging support, but can still be done at Optus Retail locations
What’s Not Affected
At the date of publishing this post, Optus reports they are not currently aware of any customers having suffered harm because of the attack.
- Billing and payment details and account passwords were not compromised.
- Optus services, including mobile and home internet, wholesale, satellite, and enterprise customers are not affected.
- Attackers did not have access to messages and voice calls.
- Amaysim, Circles, Life, Southern Phone, and Singtel customer data are not affected.
What Should I Do If I’ve Been Affected By The Optus Hack?
If you’re worried about what you should do if you’ve been affected by the Optus hacking scandal, here’s what you need to look out for:
- If you are a current and former customer, you should be vigilant and monitor any suspicious activity.
- Have a heightened awareness across your bank accounts, including looking out for unusual or fraudulent activity and any notifications which seem odd or suspicious.
- Report any fraudulent activity immediately to the related provider.
- Be extra cautious with emails, texts, or social media messages from unknown or suspicious senders or phone calls from unknown callers.
- Never click on any links that look suspicious and never provide your passwords or any personal or financial information.
Optus encouraged customers to consult reputable sources of information about fraud, such as –
Customers with specific concerns can contact Optus via the My Optus App (recommended) or by calling 133 937.
Business customers can contact Optus on 133 343 or their account manager.
Optus will not send links in emails or SMS messages.
Update
Since the Optus hack was announced on 22 September, new information has slowly been released:
- Data from the hack had been offered for sale online since September 17.
- Minister O’Neil confirmed that “some personal data of 9.8 million Australians” have been exposed, and “of those, 2.8 million Australians significant amounts of personal data has been taken”.
- The government called on Optus to provide free credit monitoring.
- The government demanded that Optus pay for replacement passports for those affected by the breach and Optus agreed to pay for replacement passports.
- Optus advised affected customers to get new documents.
Minister for Cyber Security, Clare O’Neil, advised victims of the Optus breach to follow Optus’ advice and get new documents:
“If you are one of those 10,200 people, we advise you should immediately cancel relevant ID cards, your passport and do whatever else is needed to ensure that you are getting new identity documents based on the email from Optus”, she said. - Replacement of driving licenses is to be handled by State and Territory governments.
- VicRoads launched a landing page for impacted Victorian drivers to register license details for flagging and replacement.
- Major law firms have commenced what is expected to be the largest class action case in Australian legal history.
- A man was arrested for an alleged data breach scam using some of the stolen Optus data, which are freely available online, demonstrating that victims should take the issue seriously. More such identity scams are likely to come.
What Else Should I Do If I’ve Been Affected?
As well as the steps noted above:
- Investigate and put in place processes in motion to replace your personal documents.
- Continue to be vigilant about account activities.
- Check statements and identify all charges.
- Adopt best practices for password management:
- Unique complex passwords for every site or platform.
- Use a password manager to generate, store and retrieve your passwords.
- Use multifactor authentication (MFA, or 2FA) wherever possible.
