What is the Optus data breach

Identification repair service receives a month's worth of complaint calls in three days as government pressures telco to pay for replacement ID documents.

“We know that fraudsters [and] scammers are already on to it, whether they’ve got the Optus data or not, they’re attempting to impersonate Optus, they’re attempting to … [Optus to compensate customers,](https://www.theguardian.com/business/2022/sep/28/anthony-albanese-says-optus-should-pay-for-new-passports-for-data-breach-victims) not the government, and that every company in the country should be on heightened alert. Some state transport authorities have indicated customers will need to get compensated from Optus directly for licence replacements, but the company hasn’t communicated how that will occur.

Optus customers have been left feeling vulnerable and outraged by the company's poor communication a week after it announced a massive cyber-attack affecting ...

Connie Quinn, also a 20-year Optus customer, has received a single email from the company. But it isn’t just current customers struggling to find clear information about their stolen data. You feel so vulnerable, it’s like going into your office naked.” Tricia Smythe was an Optus customer 13 years ago and received an email five days after the hack to notify her that her information was compromised. Optus has emailed some customers alerting them to the cyber-attack, including general information about what data might have been exposed. On 22 September, Optus revealed a data breach in which the personal information of millions of customers was stolen, including names, email and postal addresses, phone numbers and dates of births.

Scamwatch is urgently warning Australians to be on the lookout for increased scam activity following the recent Optus data breach and to take steps to ...

[online form](https://www.vic.gov.au/victorian-drivers-licence-record-flag-optus-breach)to flag your licence and request a replacement. See: [Service NSW - Optus breach](https://www.service.nsw.gov.au/optus-breach-faqs) - You can apply to Credit Reporting Agencies for a credit ban to stop people getting credit or loans in your name. - By changing either of these you will have more protection because it will make it harder for criminals to use your old one to take out loans or credit in your name. - ACT – Dedicated phone line for ACT residents - Resolution and Support Team can be contacted on 13 22 81 and selecting option one. Including this in data matching criteria minimises the risk of identity theft using a stolen or lost driver licence. - When a bank or credit provider is checking your suitability for credit, they check with Credit Reporting Agencies. [online form](https://www.nsw.gov.au/id-support-nsw/contact-id-support). [IDCARE](https://www.idcare.org/optus-db-response)has a dedicated support page to assist Optus customers impacted by the data breach. If you receive demands to pay money with a threat that your information will be released, delete the message. - Be wary of new communications and don’t just accept what you’re being told. Serious damage can occur when your information winds up in the wrong hands, but there are steps we can take to protect ourselves.

Last week's Optus data breach exposed the personally identifiable information of up to 9.8 million customers and former customers in Australia, ...

Perhaps this incident will provide the encouragement needed to take on this thorny subject and find a way forward that could genuinely stop a repeat. One example already in operation is obtaining a tax file number online, where the Australian Taxation Office (the relying party) communicates with myGovID, which in turn uses a phone app to verify the physical presence of the individual. In order to be useful, the API would probably have been set up to automatically decrypt the requested data before sending it out to the requestor. This is unsurprising if, as it has been suggested, the attacker got authorised access to a standard application programming interface to the data, known as an API. The standard response of armchair commentators is to recommend encrypting the data, which Optus claims to have done. However, telecommunications companies operating in Australia are required to verify the identities of those they provide services to, as part of regulations to prevent many other types of crimes.

The business models of Australian corporate houses encourage them to skimp on security at the cost of both...

While the message and the actions seem immature, there is no guarantee of the involvement of a sophisticated criminal group or a state actor to mask the real purpose. Although Optus offer a year's subscription to credit monitoring service Equifax to track suspicious financial activity for affected customers, customers have a right to know the extent of the data breach and potential compensation. Assuming contingency, companies should have a strategic communications plan on when, what and how to communicate with stakeholders. Because, the hacker knew that a large telco giant like Optus was never going to pay the ransomware. It's high time to reform cyber security protection regulations for commercial and customer data and reforms to fines for companies that have lax policies to protect Australians. I see Australian companies, large and small, skimp on security measures, cutting corners in the business models at the cost of millions of customers' private information.

A pile of medicare cards. Companies often require customers to supply details such as Medicare numbers for identification checks. Source: AAP. Attorney-General ...

ensure any cost arising out of this is compensated by Optus and not the government," he said. "Our number one focus is dealing with the problems we have in front of us. "Upon discovering the cyberattack, we immediately took action to shut it down to protect your information. "For too long we have had companies solely looking at data as an asset they can use commercially ... "Overwhelmingly, this is Optus' mistake, this is Optus' stuff-up and it's up to Optus to rectify the customers and ... "It really is hard to overestimate the impact and the extent to which this is affecting Australians and Australian households, over 40 per cent of Australians are impacted by the Optus breach, either directly or indirectly," he said. In addition to current and former Optus customers, the range of people impacted by the breach has grown to include customers of Optus subsidiaries. we need to have them appreciate very, very firmly that Australians' personal information belongs to Australians, it's not to be misused, it absolutely has to be protected and if the Privacy Act is not getting us those outcomes then we need to look at reforms to the Privacy Act." Mr Dreyfus said Australians need to be assured that when their data is asked for by a private company or by the government, it will only be used for the purpose for which it has been collected. "Obviously, the more data that's kept, the bigger the problem there is about keeping it safe, the bigger the problem there is about the potential damage that's going to be done by a huge hack that's occurred here." "We need to get in place something that [encourages] companies to dispose of data safely, to not keep data when they no longer have a purpose for it," he said. "We are all familiar with this 100-point identity check; if a company says 'we need to see your driver's licence' or 'we need to see your passport number' that is for the purpose of establishing that you are who you say you are but that should be the end - one might think - of the company keeping all that data."

The Federal government says scammers are already at work after the Optus cyber hack with a massive increase in alerts to the national identity agency.

Please click below to help InDaily continue to uncover the facts. Your contribution goes directly to helping our journalists uncover the facts. Seek Forward→

This increase in phishing attacks led to Optus warning customers that no communication from them would include hyperlinks, and that if they received a ...

They offered an apology also to the 10,200 people who had their data exposed via their posts on Breached, and to Optus itself, saying “hope all goes well with this”. Prime Minister Anthony Albanese said the breach should be “a huge wake-up call for the corporate sector”. Using the alias optusdata, the hacker demanded that Optus pay them US$1 million ransom, or they would leak the data of all 11 million customers affected by the breach. [how the breach happened](https://www.cshub.com/attacks/news/samsung-warns-us-customers-of-data-breach), as Optus has only confirmed that it involved someone gaining unauthorized access to its servers. [phishing attacks](https://www.cshub.com/threat-defense/articles/what-is-social-engineering) and fraud attempts against those who had been directly affected by the cyber-attack. [announced](https://www.slatergordon.com.au/media/slater-and-gordon-investigating-potential-data-breach-class-action-against-optus) that they would be "investigating a possible class action against Optus on behalf of current and former customers who have been affected by the unauthorised access to customer data". [claiming to be the hacker](https://www.cshub.com/attacks/news/iotw-hacker-allegedly-hits-both-uber-and-rockstar) responsible for the data breach posted a small sample of the customer data stolen to the hacking forum Breached on September 23. In Australian parliament on September 26, Home Affairs Minister Clare O’Neil blamed Optus for the attack, saying that the “breach is of a nature that we should not expect to see in a large telecommunications provider in this country”, and so “responsibility for the security breach rests with Optus”. Victims of the breach reported on September 27 that they had been contacted with demands that they pay AU$2,000 (US$1,300) or their data will be sold to other hackers. [confirmed](https://www.optus.com.au/about/media-centre/media-releases/2022/09/optus-notifies-customers-of-cyberattack) that it has now contacted all customers to notify them of the cyber-attack's impact, beginning with those who had been affected by the breach and finishing with those who had not had their data accessed. [told Australian journalist Jeremy Kirk](https://twitter.com/Jeremy_Kirk/status/1573652991496048640) that they had “accessed an unauthenticated API endpoint” meaning that they did not have to log in to access the data and that it was “all open to internet for any one[sic] to use”. [devastating data breach](https://www.cshub.com/attacks/news/revolut-data-breach-exposes-information-for-more-than-50000-customers) on September 22 that has led to the details of 11 million customers being accessed.

The business models of Australian corporate houses encourage them to skimp on security at the cost of both...

While the message and the actions seem immature, there is no guarantee of the involvement of a sophisticated criminal group or a state actor to mask the real purpose. Although Optus offer a year's subscription to credit monitoring service Equifax to track suspicious financial activity for affected customers, customers have a right to know the extent of the data breach and potential compensation. Assuming contingency, companies should have a strategic communications plan on when, what and how to communicate with stakeholders. Because, the hacker knew that a large telco giant like Optus was never going to pay the ransomware. It's high time to reform cyber security protection regulations for commercial and customer data and reforms to fines for companies that have lax policies to protect Australians. I see Australian companies, large and small, skimp on security measures, cutting corners in the business models at the cost of millions of customers' private information.

As the extent of the Optus data breach emerges, a past victim of identity fraud urges people to more tightly guard their online security, as a cyber ...

to people whose data hasn't been leaked yet, scammers will take advantage of the fact that we're in a confusing situation," he said. "One of the biggest things for me was always thinking, this sucks, but I can deal with this … "[Scams] will increase throughout the population in the coming days and coming weeks. "We don't have those rights within Australia for data. "I knew it was coming … "I've had multiple bank accounts opened in my name …

NSW Infrastructure Minister Rob Stokes has announced he will quit politics at the March state election. “I've had a great go, and now is the time to give ...

“Regrettably the minister is unable to meet, but the department would be pleased to meet with you in the coming weeks to discuss these matters. It was the lack of any sense of when, or how, he planned to pay for his bout of fiscal extravagance. “The minister values your invitation to meet with your chief counsel,” the letter said. On Monday as markets reeled, he said he would stump up a plan for keeping the public debt load in check – but not until November 23. On Tuesday afternoon in the City of London, a helicopter circled repeatedly overhead. The pound hit a record low, bounced back, dropped again. The markets were on fire. Markets in Britain, the world’s fifth- or sixth-largest economy, were I always held the view we need to get to the point where if you are sick you simply stay at home. Anne, the Princess Royal was with her mother in her final 24 hours. “It has been over 900 days where we have had these public health orders in place. Hours after weakening to a tropical storm while crossing the Florida peninsula, Ian regained hurricane strength Thursday evening over the Atlantic.

Opposition Leader Peter Dutton has criticised the government for not introducing new privacy legislation to parliament following the...

The opposition has called for the government to unfreeze "critical" cyber security funding, which is being reviewed along with other industry grants given by the former Morrison government. "It should have been in the parliament this week, the government was aware of this problem," he told Nine on Friday. Attorney-General Mark Dreyfus earlier this week said the government is seeking to put legislation to the lower house by the end of this year.