Internet

Here’s what we know about the Optus cyber attack, and what you can do to protect your data

September 27, 2022
editor

By Evlin DuBose ·
· 6 minutes reading time

Fact-checking process and our editorial guidelines.”>

fact checked

Advertiser Disclosure

A gloved hand slides a key into a lock, like a hacker breaking into personal information.

Late last week, Optus announced that it had been the victim of a “sophisticated” cyberattack on customer data back in 2017. Here’s what you need to know about the data breach and how to protect your information.

Also Read :  ToledoTel Moving Forward With Massive Broadband Expansion; Winlock’s 2,300-Plus Homes and Businesses Wil Have High-Speed Internet

How was Optus hacked?

A locked smartphone on a yellow background.

Photo by Franck Do on Unsplash.

A criminal investigation is currently underway by the Australian Federal Police into the origins of the Optus cyberattack and the methods used by the telecom hackers. The breach was described as “sophisticated” because it used multiple European IP addresses that kept changing during the hack. Suspected perpetrators include cybercriminals or government-sponsored hackers. AFP is investigating multiple ransom notes posted on the deep web. While the authenticity of these ransoms has yet to be confirmed, early reports suggest these are “the real deal”.

Home Secretary Clare O’Neil, on the other hand, claims the attack was “simple” and has criticized Optus for making its systems vulnerable through an unprotected application programming interface (API), a computer program that allows software systems to communicate with one another.

In a statement to ABC, Optus CEO Kelly Bayer Rosemary replied, “Our data has been encrypted and we have multiple layers of protection.”

“We invest heavily in our cyber defences, and we really do everything we can to ensure our environment is secure.”

Because Optus is working with the AFP, specific details of the case cannot yet be publicly released, including exactly how the breach took place.

binoculars

When did the Optus attack happen?

The Optus attack was first reported on Thursday, September 22, 2022. Optus notified customers within 24 hours.

What personal data was stolen in the Optus breach?

Collage of the eyes of a person looking at a fingerprint from their smartphone.

Unfortunately, attackers stole some personal information during the Optus data breach. This includes customers:

  • whole names.
  • dates of birth.
  • phone numbers.
  • Email address.

A smaller group of customers may also have had their home addresses and government-issued identification, such as passports or driver’s license numbers, stolen. Medicare card numbers may also have been stolen. Stealing those official ID documents is a huge thing as hackers can effectively impersonate you when signing up for loans or other financial services. Identity theft can have serious consequences for your finances and credit score.

According to Optus, the following data was not compromised:

  • Messages (SMS and MMS).
  • voice calls.
  • Account billing and payment details.
  • account passwords.

Mobile and private Internet services are also not affected, says Optus.

Who is affected by the Optus data breach?

Collage of hands holding smartphone breaking out from a blue couch.

The ABC estimates that up to 9.8 million Australians could have their data compromised as a result of the attack, with 2.8 million severely affected. Optus is in the process of notifying customers affected by the data breach, although news outlets are reporting that many users have had to contact the telco directly to find out if they were involved.

Optus executives warned back in 2017 that the attack was affecting customers, so even former Optus users should take note.

According to Optus, customers on Optus MVNOs like amaysim are not affected.

What should I do about the Optus data breach?

Collage of a hand holding a smartphone while tape sticks a social media heart to it.

If you’re concerned that your data has been breached, it’s important to monitor your accounts for suspicious activity and report any you see to the appropriate provider. Be wary of spam calls/texts/emails, including on social media, and never click on suspicious links.

Banks, government agencies and other institutions have made it a policy never to contact you by text, phone or email asking for personal information. If you receive suspicious communications, do not share your information. You can contact the vendor directly to follow up, or check the ACCC’s Scamwatch to see if similar scams have occurred.

Optus has expressly stated that it will not send links in any privacy breach email. So if you get an email from “Optus” with a “Click here for more details” button, it’s probably not from the telco. Optus will post updates on the consequences of the data breach on the Optus Mediahub.

You can contact Optus via the MyOptus app, which the telecom company says is the safest way to contact them, or by calling 133 937. Note that waiting times may be longer than usual due to the aftermath of the attack.

Take some time to check your security, e.g. B. Changing bank passwords and accounts associated with your cell phone plan. Enable multi-factor authentication. Apps like Google Authenticator can replace your email address or phone number if your data has been compromised. If you’re eligible, you’ll receive a free credit check to determine if a scammer may be running into debt on your behalf.

For more resources on protecting your personal information online, visit:

If your identity is stolen, apply for a Commonwealth Victim Certificate, which can assist you in recovering your identity.

How can I protect my data on my mobile phone?

A hand holds a smartphone with an active VPN.

Photo by Dan Nelson on Unsplash.

Mobile phones are generally quite difficult to hack, especially products that use iOS like Apple’s iPhone. However, it is still possible for a virus to infect your phone and cyber criminals can hack mobile apps.

Enable two-factor authentication for all your accounts, especially mobile banking or money management apps. This helps protect your data as hackers will need more than just your password to access your account. You can also download a VPN app to protect your connection while browsing the web. Also, make regular backups of your phone’s data to a secure hard drive.

What is Optus doing against the cyber attack?

Collage of a hand calling a vintage rotary phone while legs disappear into the receiver.

Optus is working with AFP, OAIC and other regulators to investigate the attack and protect against further data breaches. In response to the attack, the federal government is set to announce new data security measures to protect Australians, but is awaiting information on the cause of the breach.

Optus has temporarily suspended its online or phone SIM swaps and replacements, as well as all ownership change requests, to prevent criminals from taking control of accounts. These processes can instead be completed with the appropriate ID in store.

Optus has not yet announced a compensation plan for victims affected by the data breach, including customers who pay for out-of-pocket credit reports, security checks, or replacement ID/passports.

Is Optus still a good cellular provider?

Two people with smartphones, one stretches out his hand, the other flinches. Collage.

Optus’ data breach has infuriated many current and former customers. Complaints have been leveled at the inadequate notification of potential victims, the lack of practical advice and the emphasis on personal responsibility over corporate accountability.

Ex-customers have been particularly vocal about Optus’ absurd data storage, as it also implicates users who gave up back in 2017.

Current Australian metadata laws require telecom companies like Optus to retain customer data for up to two years after an account is closed. An inside source told ABC, “It annoys me that people think Optus and others want this data – it’s necessary for metadata laws – we don’t.”

“People act like data is gold – it’s not; it’s uranium – super useful when used properly, and incredibly dangerous if left lying around.”

While the responsibility for protecting consumer privacy rests with Optus, the government needs to overhaul personal data laws to keep up with modern times.

In the meantime, Optus claims that its systems are secure, stable and ready for further use. The wireless provider won multiple 2022 Mozo Experts Choice Mobile Plan Awards, including Mobile Plan Provider of the Year 5G for its 5G wireless network.

However, if you’re looking to switch cellphone providers, you can browse our best cellphone site to find other award-winning telecoms providers, highly rated by experts and fellow Australians for excellent service, coverage and more.

More Optus data breach FAQs

Is a data leak serious?

The consequences of a data breach for a company and its customers can be severe. Financially, data leaks can cost institutions millions in press, tech upgrades, staffing, customer support, and more. For customers, the loss of privacy can be an inconvenience at best, an injury at worst. They may have to pay for support services or repeat official documents, and need to be extra vigilant against scammers after the attack.

Browse and compare cell phone plans below.