Optus data leak – what do I do if my data has been hacked?

It was revealed this morning that Medicare numbers were exposed in the data breach.

Optus previously revealed that the leak had included names, dates of birth, email addresses, phone numbers, postal addresses, driving license numbers and passport numbers.

The original ransom demand was posted online Friday afternoon. (Supplied)

But he had not disclosed that Medicare details had also been compromised.

“The Medicare numbers were never reported as part of the breach,” Attorney General Mark Dreyfus said.

“Consumers also have the right to know exactly what individual personal information has been compromised in Optus’ communications with them.”

Dreyfus said the Australian Federal Police were “making a huge effort” to catch the culprit.

State and territory police, as well as the US FBI, have also been involved.

How do I know what data has been exposed?

Optus is responsible for informing you if your data has been breached. So far, the telco has informed many customers and former customers that their information has been exposed.

But the telco has yet to say specifically which user’s data was breached.

You can also make a privacy complaint to the OAIC, but you’ll need to contact Optus first. An email to a customer about the Optus data breach. (Supplied)

What do I do if my data has been hacked?

Optus has hired cybersecurity firm IDCare to support customers with their exposed data.

The IDCare website has a form that customers can fill out as a first step.

But the company has warned that its case managers are dealing with a large number of calls due to the breach.

You should not use non-government sites to check if your data has been exposed.

Sites that ask for your personal data to find out if you’ve been hacked are often just data harvesting sites for nefarious actors.

What can happen if my data is hacked?

For most people, the biggest risk will be identity theft.

Optus is responsible for informing you if your data has been breached. (Kate Geraghty)

A person could use your details to open a bank or similar account, and possibly apply for a loan.

Victims have also been blackmailed by the Optus breach, with some contacted customers already demanding money to keep their data private.

But CyberCX’s Alastair MacGibbon told 9News there could be fatal consequences.

“If you were someone who has escaped from a violent relationship and you’re currently on the run from your ex-partner and your address has basically been stolen by a criminal,” he said.

“For the vast majority of us, it means we’re more likely to be scammed, to have things like our identity stolen, but for a certain subset of people, it’s a threat to their security.”

What should I be aware of?

If your data has been leaked, you can become a target for fraudsters.

Dreyfus has urged all Optus customers to be vigilant.

“Don’t click on any links in a text message,” he said.

“Check all sources on the website – just make sure it’s an official website before taking any future action.

“If you’re not sure why you’re being asked to disclose private information, stop and verify who the person or organization is making that request to you.”

Optus customers have had their personal data leaked. (Cole Bennetts)

Has my account been hacked for good?

If you’ve been an Optus customer at any time between 2017 and now, your data is probably in the hands of a hacker.

So far, 10,000 Optus customers have had their data leaked in a publicly accessible way.

Earlier on Tuesday, the alleged hacker claimed that the rest of the details had been completely deleted.

It is somewhat doubtful that the data has been deleted. For many nefarious operators, it’s better that people believe their personal data is safe.

Optus customers are advised to take a number of steps to protect their online identity. (Graphic: Channing Young)

You can only change certain details between filters in the Optus hack.

Obviously, you cannot change your date of birth and you would have to move to change your home address.

If you renew your passport, your new one will have a different number.

But if you get a new Medicare card, it will have the same number.

NSW Customer Services Minister Victor Dominello said people in the state can get a new digital driver’s license issued instantly using the Service NSW app. A new plastic card will be issued within ten working days.

The new license will cost users $29, with “Optus issuing refund advice to customers in the coming days”.

In Victoria, you won’t be able to change your driver’s license unless you can prove actual identity fraud has occurred, while Queenslanders affected by the breach can get a new license free of charge.

Each jurisdiction has different rules regarding driver’s license numbers.

Should Optus pay the ransom?

The telecommunications company has already said it will not pay the $1 million ransom demanded by the alleged hacker.

“It’s already possible that someone paid the ransom,” MacGibbon said.

“I said earlier that Optus needed to consider the concept of paying the ransom if it really helped reduce the possibility of security threats to that small subset of people whose data has clearly been stolen.

“Maybe someone already bought the data from the criminals, that’s why they say they took it down.”

Leave a Comment

Your email address will not be published. Required fields are marked *