On the 22nd of September 2022, hackers managed to steal the data of around 10 million Optus customers/ex-customers. Optus is one of many large companies to experience a data breach this year, along with companies such as Uber, DoorDash, and Dialog (owned by SingTel – the Singaporean telecommunications conglomerate which owns Optus).
Optus claims that it was a sophisticated attack, though reports indicate that the breach happened via an open API – which suggests the attack wasn’t as sophisticated as Optus claims. The stolen data includes names, addresses, phone numbers, dates of birth, email addresses, and for some customers, passport, driver’s license, and Medicare numbers.
If your data was stolen, you will be contacted by Optus (likely via email). Those who have had their data leaked will be at heightened risk of being scammed and having their identity stolen. Here are a few things you can do to help reduce this risk:
- While passwords weren’t stolen, resetting the passwords on associated accounts is good practice as a precautionary measure.
- Enable 2FA on associated accounts.
- Contact your bank and superannuation company, notify them that your details have been compromised, and request that they do extra checks until the ID you provided to Optus expires.
- Be particularly vigilant for scams and any unusual activity that might suggest that someone is trying to use your identity.
Among other things, penetration testing on the APIs or an audit of the network setup could have prevented this. Vertex Cyber Security does penetration testing, cyber security audits, and much more to improve businesses’ cyber security. If you would like to talk to our cyber security experts, feel free to contact us on 1300 2 CYBER (29237) or .