Optus Data Breach Leaves Millions of Australians at Risk of Identity Theft

The APF is investigating Optus’s data breach that involves millions of customers’ personal data theft. The company said customers should not click on links purporting to originate from Optus.

Last week, the chief executive of Optus, Kelly Bayer Rosmarin, announced that the company’s users need to exercise ‘heightened vigilance’ for securing their identities after the criminal attacks on Optus’s security system. The motives are still unknown, but apparently, the reason is to access the personal information of millions of Australians. 

The Australian Federal Police is investigating the data breach, and about 10 million users are waiting for further advice regarding the extent of the breach, what the company is doing to help the affected ones and what they should do to ensure they don’t fall victim to identity theft.

According to Optus, the data breach involves personal information, including emails, contact numbers, driver’s listen, and date of birth. The company said, “no passwords or financial details have been compromised,” and the most serious customers have been contacted by telephone for assistance to ensure that they don’t have their identities stolen that can be used in illicit activities. 

The company also said they wouldn’t send customers any emails or SMS messages. They should not click on any link purporting to originate from Optus.

Meanwhile, the company advised the customers to change their passwords and look at their bank accounts for anomalous transactions. However, there are rumors of customers’s sold information on the dark web. 

According to AFP, it’s difficult to know whether the claims of sold data are real. There has been one attempt at extortion through an anonymous account that claims to have the data. According to that account, the data would only be returned if the company pays $1 million in cryptocurrency within one week. 

The AFP said, “It is an offense to buy stolen credentials. Those who do face a penalty of up to 10 years imprisonment”,  but that’s just a mere solace by the company for those customers facing serious threats of identity theft. 

Huge corporations like Optus require various personal data to set up a telecommunications account. Customers have to hand over their personal information. These customers trust that their data will be kept confidential and have few resources in case of cyberattacks. 

Suggested Read: FCA Advises Firms to Embed Data and Technology to Combat Financial Crimes