What to do about the Optus and future data breaches?

SYD

SYD

Enthusiast
Joined
Oct 5, 2009
Posts
10,278
Qantas
Platinum
Virgin
Gold
Oneworld
Emerald
Quite a few of us have or used to have Optus via a range of deals and promos but rather than clog some of the related threads:

Optus new $50 SIM only with roaming

Optus have a new $50/mth SIM only plan with unlimited calls and data in “Zone 1” countries, and 4GB Roaming Data a month. I think it’s probably one of the best roaming deals out there as there’s no daily fee, and no limit on number of days as far as I can see. I found out about it in my The...
www.australianfrequentflyer.com.au www.australianfrequentflyer.com.au

Optus $99/Mth Sim Only Plan - 60,000 Qf Pts

Unsure how long this has been going but just popped up on my social media feed. Seems to expire on the 17th. $99/mth with the 60,000pts credited after 3 months. Seems a reasonable deal. I vowed never to go back to Optus after a previous issue but considering switching for 3 months for this...
www.australianfrequentflyer.com.au www.australianfrequentflyer.com.au

It might be useful to have a thread on what proactive actions we should take this time (and be ready in the future for the inevitable next data breach). Hey, we still don’t even know what actually happened over at IHG recently?

Here‘s the link on the Optus website with updates on what’s occurred and what they’ve done/doing:

There‘s the general info about being on the alert from direct phishing scams (calls, emails, txt) using very detailed PII but for those of us who potentially have had DL or PP numbers disclosed (along with name, address and DOB), the potential for identify theft is very high. There are some useful links here although mostly around what to do if you’ve already been hacked and/or a victim of identity theft.

Being a bit more proactive is a good idea. I’ve already run the three free credit checks to get a baseline and where possible set up alerts for changes. So far, that’s been free, although there are paid services.
moneysmart.gov.au

Credit scores and credit reports - Moneysmart.gov.au

Get your credit score for free. Knowing your credit rating can help you negotiate deals or understand why you were rejected for a loan.
moneysmart.gov.au moneysmart.gov.au

Pretty sure I have 2FA enabled for most if not all existing sensitive online services. I use a range of email addresses but I’ll probably progressively change the services that used the same as Optus. I’ve already changed the one used for Optus…

I obviously can’t just change my DOB, home address nor do I want to cancel my drivers licence. Which is a PITA since they’re intrinsically linked!

What are others doing/done?
 
Some industry coverage:
www.cybersecurityconnect.com.au

Optus hacked; customers warned to check in with their banks after personal data exposed

Passports, home addresses at risk as hackers attack Optus Optus’ nearly 11 million customers should be “extra vigilant” over the coming weeks of incoming calls, texts and emails as well as r
www.cybersecurityconnect.com.au www.cybersecurityconnect.com.au

and a Podcast I’m about to listen two while stepping out on a treadmill…
SPECIAL EPISODE: Millions of Australians at risk of identity theft from Optus hack
 
SYD said:
Some industry coverage:
www.cybersecurityconnect.com.au

Optus hacked; customers warned to check in with their banks after personal data exposed

Passports, home addresses at risk as hackers attack Optus Optus’ nearly 11 million customers should be “extra vigilant” over the coming weeks of incoming calls, texts and emails as well as r
www.cybersecurityconnect.com.au www.cybersecurityconnect.com.au

and a Podcast I’m about to listen two while stepping out on a treadmill…
SPECIAL EPISODE: Millions of Australians at risk of identity theft from Optus hack
Click to expand...
As an early Optus subscriber (ie several decades ago) I doubt they have any more than DOB, address and phone numbers in the customer database for me. Don't remember having to flash a passport or DL back then.

I watch my accounts pretty much daily, and will be very careful to scrutinise what comes into my various mail boxes. But there is not much that we can do. Changing Optus or bank passwords doesn't really make much difference as far as I can see, as I don't believe these were exposed. 2FA has its place but again not sure it makes a difference in this case.

I got the letter from optus stating:

It is with great disappointment I’m writing to let you know that Optus has been a victim of a cyberattack that has resulted in the disclosure of some of your personal information.

Importantly, no financial information or passwords have been accessed.
 
OATEK said:
Importantly, no financial information or passwords have been accessed.
Click to expand...
and apparently no images of ID but it’s not clear if, in the case of a DL they have recorded both numbers (DL *and* card number and maybe expiry date).

I have alerts set on my CC and BK accounts, so generally would notice any strange activity and I’d be able to alert the relevant financial institution.

I actually will contact them and get it recorded that I’m part of the data breach.
 
verse.systems

The Optus Breach

Actionable Advice
verse.systems

The last sim I ordered my account manager said they didn't store the licence on file. Just do their checks and delete
 
OATEK said:
As an early Optus subscriber (ie several decades ago) I doubt they have any more than DOB, address and phone numbers in the customer database for me. Don't remember having to flash a passport or DL back then.

I watch my accounts pretty much daily, and will be very careful to scrutinise what comes into my various mail boxes. But there is not much that we can do. Changing Optus or bank passwords doesn't really make much difference as far as I can see, as I don't believe these were exposed. 2FA has its place but again not sure it makes a difference in this case.

I got the letter from optus stating:

It is with great disappointment I’m writing to let you know that Optus has been a victim of a cyberattack that has resulted in the disclosure of some of your personal information.

Importantly, no financial information or passwords have been accessed.
Click to expand...
Have you not taken a new plan or upgraded your phone on a plan in the last years? That's where my drivers licence was needed.
 
Yeah, they’re not supposed to hang onto it!

But some useful info and links there. I’ll check out the link on specific data to see what it tells me.

Regarding the dodgy API story, apparently that’s been refuted. Either way, damage is done.
Post automatically merged:

daft009 said:
verse.systems

The Optus Breach

Actionable Advice
verse.systems

The last sim I ordered my account manager said they didn't store the licence on file. Just do their checks and delete
Click to expand...
 
Last edited:
daft009 said:
verse.systems

The Optus Breach

Actionable Advice
verse.systems

The last sim I ordered my account manager said they didn't store the licence on file. Just do their checks and delete
Click to expand...

Well, I just used that article and did the search as suggested, and can see my drivers licence and it's number in those fields. I have not used my drivers licence at Optus for over 5 years. It has been stored and not discarded.
 
Just heard on ABC News Radio that Optus will be offering 12 mths free access to one of the credit monitoring services. Which normally costs ~$10 pm +/-.

Does VA still offer WPs a comp Secure Sentinal account? I recall they were a pain to deal with to cancel after the comp period…
Post automatically merged:

Pushka said:
Well, I used that article and did the search as suggested and can see my drivers licence and it's number in those fields. I have not used my drivers licence at Optus for over 5 years. It has been stored and not discarded.
Click to expand...
I’m still on a treadmill…😀 But is it just the DL number or the other important info (at least for NSW), Card # and Exp date?
 
I haven't received any email from Optus either yet that I'm affected.

Been with Optus in one way or another since 1999
 
daft009 said:
I haven't received any email from Optus either yet that I'm affected.

Been with Optus in one way or another since 1999
Click to expand...
Which is probably a sign that your possibly not on the list.
 
Last edited:
I've been hit and Optus have my DL details. The steps I've taken so far:
  • Log in to Credit Savvy (Experian), Credit Simple (ilion/D&B) and GetCreditScore (Equifax) to confirm no new enquiries or accounts (didn't expect any at this stage but wanted to establish a baseline)
  • Request a credit ban and report it to other agencies, which will protect against enquiries for the next 21 days
I'll give Optus the benefit of the doubt that they'll provide access to a credit monitoring service within those 21 days (or further extend it if I need to). All of the above are free and it's a pretty comprehensive way of protecting from financial misuse of my data for the short term. Long term is another story (and if attackers were smart they'd just hold off a year before they use the data, most people aren't in a position to change their name, address, DOB or DL details in the next 12 months anyway)
 
daft009 said:
I haven't received any email from Optus either yet that I'm affected.

Been with Optus in one way or another since 1999
Click to expand...
Check your junk mail. That's where mine went.
I've now put a 21 day ban on accessing my credit file which means I will receive an email if someone tries to access it. With Equifax.

I have renewed my DL in last 12 months but the number used doesn't change. I've never been asked for expiry date on DL so 🤷‍♀️
 
OATEK said:
As an early Optus subscriber (ie several decades ago) I doubt they have any more than DOB, address and phone numbers in the customer database for me. Don't remember having to flash a passport or DL back then.

I watch my accounts pretty much daily, and will be very careful to scrutinise what comes into my various mail boxes. But there is not much that we can do. Changing Optus or bank passwords doesn't really make much difference as far as I can see, as I don't believe these were exposed. 2FA has its place but again not sure it makes a difference in this case.

I got the letter from optus stating:

It is with great disappointment I’m writing to let you know that Optus has been a victim of a cyberattack that has resulted in the disclosure of some of your personal information.

Importantly, no financial information or passwords have been accessed.
Click to expand...
I don’t see much relevance in the ‘passwords not accessed’. So what if they can access my optus account and order something from the optus store… that’s easy for optus to fix.

But armed with everything else… passport or DL, address, date of birth, phone number… you could do a lot of damage with that alone. Passwords to other accounts can be changed or reset with a lot of that previous information.

Bit late for optus to be coming out now saying they will pay for credit-monitoring services. That should have been stated on day one. Why the delay?
 
SYD said:
Just heard on ABC News Radio that Optus will be offering 12 mths free access to one of the credit monitoring services. Which normally costs ~$10 pm +/-.

Does VA still offer WPs a comp Secure Sentinal account? I recall they were a pain to deal with to cancel after the comp period…
Post automatically merged:


I’m still on a treadmill…😀 But is it just the DL number or the other important info (at least for NSW), Card # and Exp date?
Click to expand...
The detail exposed by Optus does include DL # if held, but not card number of expiry date. In may case the Optus data does not show my full legal name (Firstname, MiddleName, FamilyName), just shows my shortened Firstname and FamilyName.
 
OATEK said:
In may case the Optus data does not show my full legal name (Firstname, MiddleName, FamilyName), just shows my shortened Firstname and FamilyName.
Click to expand...
Mine is complete, unfortunately. You were lucky.
 
33kft said:
I've been hit and Optus have my DL details. The steps I've taken so far:
  • Log in to Credit Savvy (Experian), Credit Simple (ilion/D&B) and GetCreditScore (Equifax) to confirm no new enquiries or accounts (didn't expect any at this stage but wanted to establish a baseline)
  • Request a credit ban and report it to other agencies, which will protect against enquiries for the next 21 days
I'll give Optus the benefit of the doubt that they'll provide access to a credit monitoring service within those 21 days (or further extend it if I need to). All of the above are free and it's a pretty comprehensive way of protecting from financial misuse of my data for the short term. Long term is another story (and if attackers were smart they'd just hold off a year before they use the data, most people aren't in a position to change their name, address, DOB or DL details in the next 12 months anyway)
Click to expand...
I meant to mention “Credit ban” in my first post. I haven’t done it yet (I wasn’t entirely sure of the consequence but will do it shortly).
 
Check out the latest credit card signup bonus point offers
Read our AFF credit card guides and start earning more points now.

AFF Supporters can remove this and all advertisements

Pushka said:
Well, I just used that article and did the search as suggested, and can see my drivers licence and it's number in those fields. I have not used my drivers licence at Optus for over 5 years. It has been stored and not discarded.
Click to expand...
Yep, my DL # is still there but no home address (did anyone else see their address?). Pity they didn’t just enter the card number, I’ve renewed my DL since opening the Optus account….
My name is incomplete (only middle initial but it wouldn’t be hard to guess - in my case). Looks like DoB isn’t correct (it doesn’t even look like a computer coded version but I’m might be wrong)?
I‘ve since changed my email address. The one I used has been pretty well Spam free for years. If i start getting random cough, I’ll know why.
 

Become an AFF member!

Join Australian Frequent Flyer (AFF) for free and unlock insider tips, exclusive deals, and global meetups with 65,000+ frequent flyers.

AFF members can also access our Frequent Flyer Training courses, and upgrade to Fast-track your way to expert traveller status and unlock even more exclusive discounts!

AFF forum abbreviations

Wondering about Y, J or any of the other abbreviations used on our forum?

Check out our guide to common AFF acronyms & abbreviations.

Recent Posts

Currently Active Users

Total: 149 (members: 17, guests: 132)
Back
Top