Optus has admitted that following a cyberattack, they are investigating the possible unauthorised access of current and former customers’ information.
Upon discovering this, Optus says they immediately shut down the attack. Optus is working with the Australian Cyber Security Centre to mitigate customer risks.
Optus has notified the Australian Federal Police, the Office of the Australian Information Commissioner and key regulators.
Two points are worrying.
- As yet, it doesn’t seem Optus has emailed customers about this data breach. I heard about it from ABC News.
- Why was Optus holding all this information about current and previous customers? Passport and Drivers licence information is especially important, and Optus should have deleted it after it was used by customers to sign up for a new service.
If your personal information gets stolen eg, when a big company like Optus gets hacked, the hackers can sell your information to people who can use your stolen full name, address, date of birth, driver’s licence and passport number to apply for loans, mobile phone accounts and more.
One way to stop identity thieves from using your personal data to apply for mortgages, personal loans or more is to ban access to your credit record. Without access to that, banks won’t issue a loan and telcos won’t open a postpaid phone account.
In Australia the 3 main credit agencies also known as Credit Reporting Bodies who store your credit record are Experian, Equifax and Illion.
You can lodge a request to ban access for an initial 21 days or for 12 months to any of the 3 agencies and ask them to send a message to the other two as well. Or you can lodge a separate request to all 3.