CISO Corner

Optus Data Breach

What has happened?

On the 21st of September 2022, Australia’s second-largest mobile service provider suffered a cyber-attack resulting in a massive data breach. Action has been taken to block the attack, and services such as messages, voicemails, mobile, and home internet have not been affected. It is believed that the perpetrators are working for a state-sponsored or criminal organisation.

It’s estimated that up to 9.8 million Australians could have their data compromised due to the attack, with 2.8 million severely impacted.

Information Exposed

Optus has confirmed the data exposed primarily consists of customers’ personal information. This includes names, contact details, addresses, date of birth, and private documents such as passports and license details. Optus has confirmed more sensitive information such as account passwords and payment details have not been compromised.

The Office of the Australian Information Commissioner (OAIC) has expressed its concern that “Even if a thief only accesses a small amount of your personal information, they may be able to steal your identity if they can find out more about you from public sources. This includes social media accounts which may include your date of birth, photos, and information about your family”.

Does this affect you?

If you’re an Optus customer, there is a possibility that your personal details have been leaked. Optus is currently in the process of contacting customers that have been impacted by this.

What you should do

Optus has advised all customers to have a heightened awareness and keep an eye out for any suspicious activity on their accounts. Keep an eye out for the following:

  • Suspicious emails, texts, calls, or messages on social media.
  • Look out for any suspicious activity across all your online accounts including bank accounts. If you suspect any suspicious activity, report it to the relevant provider.
  • Do not click on any suspicious links or provide any passwords, personal or financial information.
  • Educate yourself on the risks surrounding a data breach, Scamwatch has a range of useful information available surrounding the situation.
  • Optus is offering severely impacted customers a free 12-month subscription to Equifax, this service offers credit monitoring and identity protection.

To help protect you against fraud and identity theft, we encourage you to read the below articles:

As a general reminder, please ensure you’re not using your UNE credentials for any other online accounts.

If you notice any suspicious activity on your account or believe your account has been compromised, Optus has advised you to contact them via the My Optus App or call 133 937 for consumer customers. Due to the impact of the cyber-attack, wait times may be longer than usual. IDCARE is a not-for-profit charity that provides support and guidance relating to cyber and identity-related issues. They can assist with reducing the harm you will experience from identity theft.

As always, we are reliant on people being vigilant and reporting suspicious activity on their systems to servicedesk@une.edu.au, +61 (2) 67735000.

Thanks for your support in helping us maintain the cyber security integrity of UNE.

Sources:

Optus media release

Submit a Comment

Your email address will not be published. Required fields are marked *