HomeMortgagesResources 
Talk to a Lending Specialist

Request a Call Back
from a lending specialist

Book a time that's convenient for you and one of our loan specialists will give you a call

  • Request a
    call back

    • One of our loan specialists will contact
      you by phone at a time thats convenient for you


Optus Data Breach - here’s what you can do to protect yourself

Optus and the Australian Federal Police are working to resolve the data breach, which potentially exposed customers’ names, dates of birth, phone numbers, email addresses, and for a few customers, addresses, ID document numbers such as driver’s licenses or passport numbers.

Following this data breach, we want to reassure our customers that we also have our own procedures in place to deal with data privacy and security. However, we understand that as this is not an everyday occurrence, it can be troubling so we have pulled together some simple, quick steps you can take to further minimise any risk.

We have gathered information for some of the action steps you can take from various leading organisations and experts, including Associate Professor in Cyber Security Studies, Macquarie University, Jeffrey Foster who has co–authored an article in The Conversation, outlining preventative measures those who may have been affected by the Optus data breach can take to ensure their risk is minimised.

Below are the simple steps to ensure you are doing what you can.

 

Step 1 Check with Optus for assistance

The Office of the Australian Information Commissioner (OAIC) is telling anyone who thinks they may be affected to contact Optus immediately. The office said to try the Optus website first before calling the company on 133 937.

They are offering “the most affected current and former customers” a free 12-month subscription to credit monitoring and identity protection service Equifax Protect. “The most affected customers will be receiving direct communications from Optus over the coming days on how to start their subscription at no cost,” Optus said on Monday.

Step 2 Identify where you are most vulnerable, and secure these accounts.

Create a checklist of your:

  • bank accounts
  • superannuation
  • brokerage accounts
  • medical information or services
  • Amazon and eBay where credit card details are stored
  • any other accounts where card details are kept

Then check how a password reset is done for those accounts. If it is solely through access to text messages or email, you need to protect those accounts too. It may be worth updating your password to a new, not previously used one.

Step 3 Where you are able, lock your SIM card and credit card

As most people use their phone numbers for multi-factor authentication, it is important to protect against what is known as SIM jacking.

SIM jacking is where access to a phone number is given by the provider to someone that doesn’t own it. Although Optus currently has locked SIM cards, it may not be permanent, so asking for additional security via a verbal PIN added onto your account is a wise move.

Regarding potential identity theft, it’s possible to freeze your credit checks which will help to stop criminals from applying for credit in your name. Experian, Illion, and Equifax are the three main credit report companies and they all offer this service.

Unfortunately, this means you will find your own applications for credit made difficult during this time, so an alternative offered through Equifax is a paid credit alert service that notifies you of any credit checks on your identity. This enables you to pause the credit check process by contacting the service that asked for the report.

Follow the below link to request a credit history:

Follow the below link to request a credit ban:

Step 4 Renew your drivers license

Many states are now offering to renew drivers licenses for free, so check with the license issuer in your particular state.

Those concerned or affected can replace their Medicare card online through myGov, which will create a new card with the same number apart from the final digit at no cost. This will prevent the old card details be used for fraudulent purposes.

In order to access your myGov account or to link it with Medicare, you’ll need to provide answers to a series of personal questions.

Services Australia advises customers to ensure their myGov password and PIN can’t be easily guessed and that it is different from those used for other online accounts.

There is also a sign-in option to require an SMS code for sign-in, which makes it harder for people to compromise your account.

If you believe your Medicare or Centrelink account has been compromised, you can call the Scams and Identity Theft Help Desk.

Step 5
Take proactive steps to reduce your cyber security risk

As there is now so much information available online about us, whether it’s through social media, your employers website, discussion forums, or even from previous unknown breaches, it can be helpful to check what information may be accessible to cyber criminals through a website such as HaveIBeenPwned, which is owned and operated by Australian security expert, Troy Hunt.

To use this website, you simply need to search your email accounts on there and it will detail any breaches they have been involved with. This will help you if you are using the same passwords on other accounts. One of the easiest ways to minimise cyber risk is to use unique and strong passwords for each account you have.

 

How do I know if I’ve been hacked, and what can I do?

Being aware of any contact from financial or other institutions about a loan or service you didn’t ask for is a cause for concern and you would want to contact the institution for more details and clarify the situation with them.

IDCare is a not-for-profit that exists to assist those who have been affected by cyber attacks or identity theft. They have factsheets available on their website for further information for those concerned about data breaches.