Caught up in the Optus Breach? Here’s what to do.
Unfortunately, your details are now out there on the internet for any malicious actor to access, but there are things you can do to reduce your risk of identity misuse.
First, as an Optus customer you will receive a notification from Optus detailing the documents that were exposed in the breach. Most people will only have personal details exposed, such as name, phone number and maybe address.
If you fall into this category, your risk of misuse and identity theft is low, but there are things you should do to reduce it further.
Change your password for Optus and any related accounts, as well as any accounts where you used the same password. A strong password consists of at least 11 characters and is not a dictionary word. I like to use a mix of a few shortened words that I can remember. A good practice is to use a password manager to generate unique passwords for all your accounts; that way you only need to remember 1 strong password. Bitwarden is a great free tool, but there are many others you might prefer.
Update: This is not a necessary step, as passwords were not exposed in the breach. It is good practice to do it anyway, though.
Enable two-factor authentication on as many accounts as possible. This means that in addition to your password, you will be sent a one-time password to enter when logging in. This option is usually in the “password” or “security” settings of an online account. It may also be called multi-factor authentication, or go by either acronym, “2FA” or “MFA”. The process from there is as simple as entering your phone number to receive the code or linking an authenticator app. Either way, your accounts are much more secure because an attacker would need your password and your phone to be able to log in.
If you are one of the unfortunate few that also had identity documents exposed in the breach, in addition to the above, there are some further steps you can take.
Apply for a renewal or reissue of your documents. You can get new documents with new document numbers for passports, Medicare cards, and driver licences, depending on the state in which they were issued. This is definitely worth looking into, as it significantly reduces the chances of the exposed identity documents being used fraudulently with the old document numbers.
Apply for a credit check and credit ban. In Australia, you can get three free credit reports each year from the main credit reporting agencies (Experian, Illion, and Equifax – 1 check each per year). This will show you all the lines of credit currently open in your name, which can be a great way to spot identity theft if someone has taken out a loan with your identity.
These agencies also allow you to put a temporary credit ban or block on your name, which will stop all attempts to take out credit with your identity. This can be very useful while waiting for new identity credentials, but only if you are not planning to take out credit yourself.
Finally, monitor your accounts for any suspicious activity. Scammers are very resourceful and can often manage to social engineer their way into controlling an account with only basic account information.
Other than that, good luck. It’s a shame that this happened, but hopefully it forces companies to be more careful about how they handle customer data, and maybe they’ll even consider reducing the amount of data they collect, even if only to reduce their liability in cases like this.