Optus Data Breach - What You Should Do

Millions of current and former Optus members have potentially been subject to a serious data breach as hackers have accessed users’ personal information. Optus notified the public on Thursday, 22 September 2022 that up to 2.8 million users’ information, including telephone numbers, dates of birth, addresses and, potentially licence numbers and passport details have been exposed. In 2022 it is not uncommon to hear of data breaches. Just this year in Australia we have seen cyber-attacks on the Australian Parliament House, Western Australian Parliament house, transport giant Uber, Canva and Australian major universities and hospitals.

Although, in a statement on Thursday, the Optus CEO Kelly Bayer Rosmarin stated they’re “not aware of any harm suffered” by users, you and your organisation can take important steps to protect yourself and your business. The Cyber Security Home Affairs Minister Clare O’Neil has encouraged all Australians to monitor their devices and take precautions. Considering increasing cyber-attacks, it is vital to be informed and prepared.

The concern is that such an array of information could be used by hackers and those who obtain the information, for activities such as identity theft. 

What should you look for?

  • Changes in account access, such an account being suddenly locked or funds being withdrawn;
  • Slow devices and networks;
  • Suspicious account activity;
  • Sudden changes in system files;
  • Unexplainable increase in pop-up notifications;
  • Sudden computer or device crashes; and
  • Unknown additional applications on your computer of device. 

What you should do?

Lavan suggest you take immediate steps:

  • Notify your clients and staff immediately that there has been a breach of Optus members data and a potential risk to be aware of;
  • Strengthening your personal or cyber security by updating your passwords and general security programs;
  • Ensuring your IT systems are updated and current;
  • Implement cyber policies and plans for your business or organisation;
  • Implement a cyber response plan, to assist you when faced with a cyber breach;
  • Updating your devices; and
  • Backing up your personal or business data.

That looks suspicious!

Monitoring your devices is important to ensure that your data is being protected. Any suspicious activity should not be overlooked. Optus have provided platforms and other services that can assist you with protecting yourself from a cyber-attack:

  • Visit the OAIC website for more information;
  • If you believe you are being scammed contact scamwatch.gov.au;
  • Contact your financial provider to ensure your assets are protected;
  • Contact Optus if you have concerns.

Cyber-attacks happen for a multitude of differing reasons such as extortion, identity theft or even for political ends however, Optus are currently unaware of the motives for this attack. Therefore, being vigilant and pro-active is important. 

Lavan Comment

Australian organisations and business are experiencing a significant increase in cyber-attacks due to exploitation of technical vulnerabilities and action must be taken to protect yourself and businesses’ data. Lavan has extensive experience in assisting with cyber-attack response plans and policies. If you or your organisation need a cyber-attack policy or response plan, contact Andrew Sutton or Iain Freeman today on (08) 9288 6000 or andrew.sutton@lavan.com.au/iain.freeman@lavan.com.au. 

Disclaimer – the information contained in this publication does not constitute legal advice and should not be relied upon as such. You should seek legal advice in relation to any particular matter you may have before relying or acting on this information. The Lavan team are here to assist.