The recent Optus hack has been a huge reminder for all of us that our personal information is never 100 per cent secure in the digital space.
As busy parents, we hardly have enough time to drink a hot coffee, never mind sit down and change every password we’ve ever had. Or even remember them in the first place.
However, this Optus data breach is the real deal. And even being as busy as we are, there are things we all need to do to protect our families from the nightmare of being pwned.
Let’s recap… what is the Optus hack?
On September 22, Australia’s second biggest telecoms company, Optus, announced that up to 9.8 million records had been stolen from their database.
The leaked information includes dates of birth, names, phone numbers and, in some cases, addresses and drivers licence numbers. Details date back to 2017.
The hackers threatened to release 10,000 addresses every day to the dark web until Optus paid US$1 million ransom.
The true fallout of the breach is yet to be fully determined. This is because after 10,000 records were released, the hackers reportedly had a change of heart, unexpectedly apologising and claiming to have deleted the data.
Since then, 10,200 records have already shown up on a website on the dark web dedicated to buying and selling stolen data. And increased reports of people being contacted by scammers suggest that they are already being used.
I have been an Optus customer. What should I do?
As much as we all like to believe that there is good in everyone and the hackers’ apology was genuine, the best course of action is to assume that this data is all out there. At least until Optus notifies people. Therefore, the advice is that all Optus customers should take immediate steps to secure their accounts. In particular, banking, MyGov accounts and SIM card.
Because of the nature of the data breach — including passport numbers, Medicare numbers and drivers licences — some customers could have had enough data leaked to provide someone with 100 points of ID.
Kathering Manstead, Senior Fellow at ANU’s National Security College and Director of Cyber Intelligence says, “That’s pretty much enough to be able to verify someone’s identity for a range of purposes. This includes setting up utility accounts and verifying financial transactions.”
Experts advise you to monitor your accounts for unusual activity. Place limits on your account or talk to your bank on how you can secure your money. If you suspect fraud, you can request a ban on your credit report.
Optus will notify affected customers directly to alert them that their data has been compromised, and has said it will offer high-risk customers additional resources such as expert third-party monitoring.
State governments are working with Optus to address the costs for you to replace your driving license. This will depend on where you live, and is developing. Optus will also, be footing the bill if you need to get a new passport, because of the hack. That’s according to the Federal Government announcement on Friday, September 30.
Common scams to watch for
The scams involving these data are sure to grow over the coming weeks. So, it’s time to be extra vigilant for any strange text messages and phone calls.
Never click on links or provide personal information to someone who contacts you out of the blue. Any well-known business will not contact you by text and ask for personal information.
Cyber security website Scamwatch has some great tips on how to spot a scam here.
Common scams include data recovery scams, where scammers offer to remove your information from the dark web for a fee. Scrubbing information from the dark web is impossible.
The ‘Hi Mum’ scam is also prominent and particularly hooks families and parents. This is where scammers pose as a family member using a new number or WhatsApp, claiming to need urgent financial help. If you receive a message like this, contact the family member by another means.
You might also like…