Up to an estimated 9.8 million Australians are at risk of having their data and personal information being leaked after a cyber attack on telecommunications provider Optus.
Subscribe now for unlimited access.
$0/
(min cost $0)
or signup to continue reading
The breach is being investigated by the Australian Federal Police. Optus said it is in the process of notifying customers who have had their information compromised.
READ MORE:
Data leaked includes names, dates of birth, phone numbers, email addresses and identification documents.
However, one cyber security expert has cautioned against over-reacting to the breach.
I am an Optus customer. Was my information compromised?
That is not yet known, Director of Enterprise at UNSW Institute for Cyber Security Nigel Phair said.
"Just because there's been a lot of records that have been exfiltrated by criminal doesn't mean they have been used," he said.
"People need to be alert, not alarmed."
However, ten thousand people have had their data released to the dark web while Optus is in the process of notifying affected customers.
My name, DOB and/or email address was leaked. What is going to happen?
Cyber support charity IDCARE said while the leaking details like a name or date of birth on their own is not a huge risk, the combination is dangerous.
Having your phone number leaked puts you at risk of spam messages and calls. Scammers can use that information in combination with other details like addresses to make them seem more legitimate.
IDCARE said there is a low risk of cyber scammers using a personal address to plan a physical attack or robbery.
However, Dr Phair said "a cyber criminal is interested in names and dates of birth and addresses" because they can use this information to create accounts in a victims name or takeover existing ones.
My identity documents may have been compromised. What is at risk?
Dr Phair said people who had their identity information stolen should not be too concerned.
"Things like drivers licence numbers, Medicare numbers, passport numbers, aren't that valuable to a criminal," he said.
However, IDCARE cautioned that some of this information can be used to create unauthorised financial accounts in your name using proof of identity documents.
They may be able to do things like access your MyGov or ATO accounts, establish utility accounts or even apply for rentals.
A scammer could also create social media accounts in your name or take over existing accounts.
How do I protect myself?
Optus has advised customers to look out for any unexpected activity on their online accounts; be careful of suspicious calls, texts, emails or social messages; never click on links or attachments.
Other cyber criminals are taking advantage of the situation by pretending to be Optus, RMIT cyber security expert Professor Matt Warren said.
"I've seen examples or where people have been sent, you know, text messages pretending to be from Optus and to click on links," he said.
IDCARE advises customers change passwords and PINs to things like email, banking, MyGov, superannuation, shopping and social media accounts.
However, Dr Phair said changing a password or issuing a new drivers licence was not going to protect a customer as passwords were not leaked in the breach.
"They don't need to change drivers licences or passports or Medicare numbers, they don't need to change passwords for internet banking and those type of things," he said.
"Yes, [ID] forms part of your 100 points of identity. But it's just a number by itself is often collected, not all the associate numbers."
READ MORE OPTUS:
Enable multi-factor authentication where you can, Dr Warren advised.
"So when you log in, as well as typing in your username and password, there's been an extra stage in the process," he said.
"It could be an app on your phone that generates a code. You could be sent a text message.
"A hacker wouldn't have that extra information because it's generated every transaction."
Customers are also advised to check their bank account statements for any unusual purchases. Call your bank if there is any suspicious activity.
You can also request a copy of your credit report to check for any unauthorised loans or applications. These reports are usually free.
IDCARE says you may have to request a report from three bodies - Equifax (138 332), Experian (1300 783 684) and illion (1300 734 806).
Optus has offered customers whose ID numbers and personal details have been leaked a free 12 month subscription to Equifax Protect.
What are the signs I have been hacked?
Optus said they are not aware of any customers who have been scammed because of the data leak.
But Dr Warren said people should look out for suspicious activity.
"[Be] aware of the emails that you receive, the text messages that you receive, what people are asking, and monitoring your credit card and your bank details for payments," he said.
MoneySmart said signs of identity fraud include unusual bills or charges; calls or texts about services you don't use; strange emails; or an increase in suspicious calls, texts or social media messages.
The website "I have been pawned" may tell you if your phone or email address has been breached.
MoneySmart advises anyone who thinks they have had their identity stolen contact their local police station immediately.
They said to contact your bank and change your passwords.
If the fraud is proven, you can have a Commonwealth Victim's certificate issued to help you deal with your financial and personal affairs.
I'm still confused. What should I do?
The Optus breach may be particularly difficult for people who are not as technologically-savvy. This may include older people or those with English as a second language.
Anyone concerned about their data should call IDCARE on 1800 595 160 and contact their banks. Explain you are an Optus customer and they will talk you through your options.
We've made it a whole lot easier for you to have your say. Our new comment platform requires only one log-in to access articles and to join the discussion on The Canberra Times website. Find out how to register so you can enjoy civil, friendly and engaging discussions. See our moderation policy here.