What to do about the Optus and future data breaches?

SYD

Enthusiast
Joined
Oct 5, 2009
Posts
10,273
Qantas
Platinum
Virgin
Gold
Oneworld
Emerald
Quite a few of us have or used to have Optus via a range of deals and promos but rather than clog some of the related threads:


It might be useful to have a thread on what proactive actions we should take this time (and be ready in the future for the inevitable next data breach). Hey, we still don’t even know what actually happened over at IHG recently?

Here‘s the link on the Optus website with updates on what’s occurred and what they’ve done/doing:

There‘s the general info about being on the alert from direct phishing scams (calls, emails, txt) using very detailed PII but for those of us who potentially have had DL or PP numbers disclosed (along with name, address and DOB), the potential for identify theft is very high. There are some useful links here although mostly around what to do if you’ve already been hacked and/or a victim of identity theft.

Being a bit more proactive is a good idea. I’ve already run the three free credit checks to get a baseline and where possible set up alerts for changes. So far, that’s been free, although there are paid services.

Pretty sure I have 2FA enabled for most if not all existing sensitive online services. I use a range of email addresses but I’ll probably progressively change the services that used the same as Optus. I’ve already changed the one used for Optus…

I obviously can’t just change my DOB, home address nor do I want to cancel my drivers licence. Which is a PITA since they’re intrinsically linked!

What are others doing/done?
 
Some industry coverage:

and a Podcast I’m about to listen two while stepping out on a treadmill…
SPECIAL EPISODE: Millions of Australians at risk of identity theft from Optus hack
 
Some industry coverage:

and a Podcast I’m about to listen two while stepping out on a treadmill…
SPECIAL EPISODE: Millions of Australians at risk of identity theft from Optus hack
As an early Optus subscriber (ie several decades ago) I doubt they have any more than DOB, address and phone numbers in the customer database for me. Don't remember having to flash a passport or DL back then.

I watch my accounts pretty much daily, and will be very careful to scrutinise what comes into my various mail boxes. But there is not much that we can do. Changing Optus or bank passwords doesn't really make much difference as far as I can see, as I don't believe these were exposed. 2FA has its place but again not sure it makes a difference in this case.

I got the letter from optus stating:

It is with great disappointment I’m writing to let you know that Optus has been a victim of a cyberattack that has resulted in the disclosure of some of your personal information.

Importantly, no financial information or passwords have been accessed.
 
Importantly, no financial information or passwords have been accessed.
and apparently no images of ID but it’s not clear if, in the case of a DL they have recorded both numbers (DL *and* card number and maybe expiry date).

I have alerts set on my CC and BK accounts, so generally would notice any strange activity and I’d be able to alert the relevant financial institution.

I actually will contact them and get it recorded that I’m part of the data breach.
 

The last sim I ordered my account manager said they didn't store the licence on file. Just do their checks and delete
 
As an early Optus subscriber (ie several decades ago) I doubt they have any more than DOB, address and phone numbers in the customer database for me. Don't remember having to flash a passport or DL back then.

I watch my accounts pretty much daily, and will be very careful to scrutinise what comes into my various mail boxes. But there is not much that we can do. Changing Optus or bank passwords doesn't really make much difference as far as I can see, as I don't believe these were exposed. 2FA has its place but again not sure it makes a difference in this case.

I got the letter from optus stating:

It is with great disappointment I’m writing to let you know that Optus has been a victim of a cyberattack that has resulted in the disclosure of some of your personal information.

Importantly, no financial information or passwords have been accessed.
Have you not taken a new plan or upgraded your phone on a plan in the last years? That's where my drivers licence was needed.
 
Yeah, they’re not supposed to hang onto it!

But some useful info and links there. I’ll check out the link on specific data to see what it tells me.

Regarding the dodgy API story, apparently that’s been refuted. Either way, damage is done.
Post automatically merged:


The last sim I ordered my account manager said they didn't store the licence on file. Just do their checks and delete
 
Last edited:

The last sim I ordered my account manager said they didn't store the licence on file. Just do their checks and delete

Well, I just used that article and did the search as suggested, and can see my drivers licence and it's number in those fields. I have not used my drivers licence at Optus for over 5 years. It has been stored and not discarded.
 
Just heard on ABC News Radio that Optus will be offering 12 mths free access to one of the credit monitoring services. Which normally costs ~$10 pm +/-.

Does VA still offer WPs a comp Secure Sentinal account? I recall they were a pain to deal with to cancel after the comp period…
Post automatically merged:

Well, I used that article and did the search as suggested and can see my drivers licence and it's number in those fields. I have not used my drivers licence at Optus for over 5 years. It has been stored and not discarded.
I’m still on a treadmill…😀 But is it just the DL number or the other important info (at least for NSW), Card # and Exp date?
 
I haven't received any email from Optus either yet that I'm affected.

Been with Optus in one way or another since 1999
 
I haven't received any email from Optus either yet that I'm affected.

Been with Optus in one way or another since 1999
Which is probably a sign that your possibly not on the list.
 
Last edited:
I've been hit and Optus have my DL details. The steps I've taken so far:
  • Log in to Credit Savvy (Experian), Credit Simple (ilion/D&B) and GetCreditScore (Equifax) to confirm no new enquiries or accounts (didn't expect any at this stage but wanted to establish a baseline)
  • Request a credit ban and report it to other agencies, which will protect against enquiries for the next 21 days
I'll give Optus the benefit of the doubt that they'll provide access to a credit monitoring service within those 21 days (or further extend it if I need to). All of the above are free and it's a pretty comprehensive way of protecting from financial misuse of my data for the short term. Long term is another story (and if attackers were smart they'd just hold off a year before they use the data, most people aren't in a position to change their name, address, DOB or DL details in the next 12 months anyway)
 
I haven't received any email from Optus either yet that I'm affected.

Been with Optus in one way or another since 1999
Check your junk mail. That's where mine went.
I've now put a 21 day ban on accessing my credit file which means I will receive an email if someone tries to access it. With Equifax.

I have renewed my DL in last 12 months but the number used doesn't change. I've never been asked for expiry date on DL so 🤷‍♀️
 
As an early Optus subscriber (ie several decades ago) I doubt they have any more than DOB, address and phone numbers in the customer database for me. Don't remember having to flash a passport or DL back then.

I watch my accounts pretty much daily, and will be very careful to scrutinise what comes into my various mail boxes. But there is not much that we can do. Changing Optus or bank passwords doesn't really make much difference as far as I can see, as I don't believe these were exposed. 2FA has its place but again not sure it makes a difference in this case.

I got the letter from optus stating:

It is with great disappointment I’m writing to let you know that Optus has been a victim of a cyberattack that has resulted in the disclosure of some of your personal information.

Importantly, no financial information or passwords have been accessed.
I don’t see much relevance in the ‘passwords not accessed’. So what if they can access my optus account and order something from the optus store… that’s easy for optus to fix.

But armed with everything else… passport or DL, address, date of birth, phone number… you could do a lot of damage with that alone. Passwords to other accounts can be changed or reset with a lot of that previous information.

Bit late for optus to be coming out now saying they will pay for credit-monitoring services. That should have been stated on day one. Why the delay?
 
Just heard on ABC News Radio that Optus will be offering 12 mths free access to one of the credit monitoring services. Which normally costs ~$10 pm +/-.

Does VA still offer WPs a comp Secure Sentinal account? I recall they were a pain to deal with to cancel after the comp period…
Post automatically merged:


I’m still on a treadmill…😀 But is it just the DL number or the other important info (at least for NSW), Card # and Exp date?
The detail exposed by Optus does include DL # if held, but not card number of expiry date. In may case the Optus data does not show my full legal name (Firstname, MiddleName, FamilyName), just shows my shortened Firstname and FamilyName.
 
Turn business expenses into Business Class! Process $10,000 through pay.com.au to score 20,000 bonus PayRewards Points and join 30k+ savvy business owners enjoying these benefits:

- Pay suppliers who don’t take Amex
- Max out credit card rewards—even on government payments
- Earn & Transfer PayRewards Points to 8+ top airline & hotel partners

AFF Supporters can remove this and all advertisements

In may case the Optus data does not show my full legal name (Firstname, MiddleName, FamilyName), just shows my shortened Firstname and FamilyName.
Mine is complete, unfortunately. You were lucky.
 
I've been hit and Optus have my DL details. The steps I've taken so far:
  • Log in to Credit Savvy (Experian), Credit Simple (ilion/D&B) and GetCreditScore (Equifax) to confirm no new enquiries or accounts (didn't expect any at this stage but wanted to establish a baseline)
  • Request a credit ban and report it to other agencies, which will protect against enquiries for the next 21 days
I'll give Optus the benefit of the doubt that they'll provide access to a credit monitoring service within those 21 days (or further extend it if I need to). All of the above are free and it's a pretty comprehensive way of protecting from financial misuse of my data for the short term. Long term is another story (and if attackers were smart they'd just hold off a year before they use the data, most people aren't in a position to change their name, address, DOB or DL details in the next 12 months anyway)
I meant to mention “Credit ban” in my first post. I haven’t done it yet (I wasn’t entirely sure of the consequence but will do it shortly).
 
Well, I just used that article and did the search as suggested, and can see my drivers licence and it's number in those fields. I have not used my drivers licence at Optus for over 5 years. It has been stored and not discarded.
Yep, my DL # is still there but no home address (did anyone else see their address?). Pity they didn’t just enter the card number, I’ve renewed my DL since opening the Optus account….
My name is incomplete (only middle initial but it wouldn’t be hard to guess - in my case). Looks like DoB isn’t correct (it doesn’t even look like a computer coded version but I’m might be wrong)?
I‘ve since changed my email address. The one I used has been pretty well Spam free for years. If i start getting random cough, I’ll know why.
 

Become an AFF member!

Join Australian Frequent Flyer (AFF) for free and unlock insider tips, exclusive deals, and global meetups with 65,000+ frequent flyers.

AFF members can also access our Frequent Flyer Training courses, and upgrade to Fast-track your way to expert traveller status and unlock even more exclusive discounts!

AFF forum abbreviations

Wondering about Y, J or any of the other abbreviations used on our forum?

Check out our guide to common AFF acronyms & abbreviations.
Back
Top