Optus Data Breach – The Latest Advice on What You Should do if You’ve Been a Victim
Marty Haak
AI and Automation | Technology | Microsoft 365 | Cloud Solutions | Cybersecurity | Keynote Speaker | How optimised and secure is your technology? Take our free Cyber Intelligence Health Check in my FEATURED section below
What data was stolen?
According to Optus, the stolen data includes:
· Names
· email addresses
· postal addresses
· phone numbers
· dates of birth
· passport numbers
· driver’s licence numbers
· Medicare numbers
Contrary to some reports, passwords and financial information were not stolen.
However, this is a great opportunity for you to do some “spring cleaning” and improve your password and Cybersecurity hygiene.
Firstly, get yourself a password manager, such as LastPass, so you can not only store all your passwords securely, you can use the manager to:
DON’T make up your own passwords.
Password managers create random, unique passwords, and let you set the complexity and length.
We recommend:
Set a complex and easy to remember master password for your password manager.
We recommend a sentence with upper and lowercase, numbers and a symbol. E.g. ILoveParisInSpring2022! is a strong password.
For any sites or services you’ve subscribed to that offer multifactor authentication for your online accounts, turning this on is a must. Only certain sites force multifactor authentication on you, such as the financial accounting packages Xero and MYOB.
For any others, the best thing to do is to Google “How to turn on multifactor for %INSERT SERVICE HERE%” and you should be able to find an FAQ page for that service explaining how to enable it.
This is your first line of defence!
Now, not all multifactor authentication is created equal. Some methods are more secure than others, e.g. getting a code sent to your email or by SMS to your mobile is not recommended. This is worth a separate post. Watch this space!
However, some sort of MFA is better than nothing.
What Else Should You Do?
Contact your local Road and Traffic Authority
The New South Wales, Victoria, Queensland, and South Australia governments have started clearing bureaucratic hurdles for anyone who can prove they are victims of the hack.
Each state has different laws and processes, so be sure to check out your local Road and Traffic Authority website for more information.
Medicare
All the customers who have an unexpired Medicare card will be contacted by Optus. There are a further 22,000 expired Medicare card numbers that were exposed, and the holders of those cards will also be contacted directly. It's worth noting that Optus says personal information cannot be accessed using just a Medicare number.
Credit Reporting
Optus is providing one year of free Equifax credit reporting, identity and credit monitoring tool. Contact Optus for a code, then go to https://www.equifax.com.au/optus
Put a temporary ban on your credit reporting. This will block anyone from applying for credit in your name. Extensions to the ban are possible under certain circumstances, especially if you suspect you’ve been the target of identity theft or Cybercrime. https://www.equifax.com.au/eform/submit/credit-ban
Banking
Make sure all your financial systems have multi-factor authentication. Surprisingly, and perhaps even shockingly, some banks and financial institutions don't force MFA on you, and some don't even offer it.
Contact your bank and notify them your data has been breached in the Optus breach and ask them to put a note on your file.
How do I replace my passport?
You can replace your passport by:
· going through the Passport replacement portal
· picking up a form at a participating Australia Post outlet
· contacting an Australian diplomatic or consular mission
Further Information
If you think you may be affected by the recent Optus data breach, contact Optus Customer service on 133 937. Optus Media Centre | Optus
If you need assistance with taking these steps, please visit cyber.gov.au or call the 1300 CYBER1 hotline.
Be alert for scams referencing the Optus data breach. Learn how to protect yourself from scams by visiting www.scamwatch.gov.au.
If you are concerned that your identity has been compromised or you have been a victim of a scam, contact your bank immediately and call IDCARE on 1800 595 160.
If your identity has been stolen, you can apply for a Commonwealth Victims' Certificate.
The following websites can help you protect yourself and stay informed:
· Identity theft | Moneysmart
· Identity fraud | OAIC
· Report cybercrime | https://www.cyber.gov.au/acsc/report
Complaints
If you have been affected by the data breach and wish to make a privacy complaint, you can raise this with Optus.
If you are unable to resolve your complaint with Optus, you may wish to lodge a complaint with the Telecommunications Industry Ombudsman. If you are unsatisfied with the outcome, you can lodge a privacy complaint with the Office of the Australian Information Commissioner.
Credit:
The Guardian: Optus data breach: everything we know so far about what happened | Optus | The Guardian
Australian Government: Optus Data Breach | Australian Passport Office (passports.gov.au)
Technology Coach for businesses who need to know the answer to; "Will the Solution Meet the Business Need"
2 years ago
Interesting Marty, your advice is for those who might have been compromised. There is a swathe of businesses out there whose very existence is threatened by the possibility of new and far-reaching responsibilities. (OPTUS to finance new Passports, Medicare IDs, etc.) If your business has ANY exposure under the current privacy legislation, to report and advise clients of the information "YOU HAVE LOST" about them. And this information may cause harm, it is your responsibility to make good on the effect. If you do not at the moment you'll lose your customers and your business, if the government updates the liabilities in the Act then there is severe financial exposure to you, you might just lose your personal wealth. Please consult with your cyber liability insurer, if you don't have one, get one, if you have one what are the exposure limits? These should be approaching the public liability values in the $10's of millions. PS Optus will be up for shedloads of cash!