Receiving a data breach notification saying that your personal information has been lost or compromised can be stressful and confusing. There are a number of trusted and reliable sources of information that offer advice on the steps you can take to mitigate the risk of scams and identity theft.
What is a data breach?
A data breach happens when personal information is accessed, disclosed without authorisation or is lost. This can be by accident or because of a security breach.
Your personal information is valuable
Think of your personal information like a puzzle. Each piece alone might seem small, but when you join the pieces together it’s enough for a criminal to steal your identity. With your personal information, scammers may even be able to access your bank account, take out loans and open new credit cards in your name, impacting your credit rating.
So, what does it mean if your full name and date of birth, or even a copy of your driver licence, fall into the wrong hands? IDCARE explains what a scammer can do with your exposed credentials.
Find out more about identity theft, including warning signs to look out for and where to go for help.
How do I know if I have been impacted by the Optus data breach?
Optus has contacted current and former customers whose personal information was exposed as part of their data breach that occurred in September 2022. This includes names, dates of birth, phone numbers, and email addresses. For a portion of customers, their identity document numbers such as driver’s licence, passport or Medicare number were also exposed.
Optus has communicated via email or SMS message with customers whose personal information has been exposed. They haven’t included any links in their messages about the data breach, so if you do receive a message with a link in it, it’s not a legitimate message from Optus. Do not click on the link.
Where to go for more information and help
There are a number of reliable resources you can turn to for help.
If you’ve received a data breach notification from Optus, you should start with their website for the most up to date information on the breach and answers to some commonly asked questions including whether you need to replace your driver licence and how to know if your Medicare card number has been exposed.
IDCARE is a free support service for people who are the victims of identity theft, hacking, scams and lost or stolen credentials. For former and current Optus customers impacted by the Optus data breach, IDCARE also provides advice on precautionary actions you can take to protect yourself, including:
- set up multi-factor authentication on your accounts where possible and use strong passwords
- contact your financial organisations, superannuation and other key accounts you hold to request additional security be placed on your account
- how to sign up to receive free credit reports from credit reporting agencies.
Scamwatch is the go-to source for information on the latest scams and how to protect yourself against them. They provide advice on the Optus data breach related scams to look out for and advice on what else you can do if you’ve been impacted by the data breach. For example, consider changing the email address you use for important accounts if it’s the same one you provided to Optus.
Office of the Australian Information Commissioner (OAIC)
The OAIC is the independent national regulator for privacy and freedom of information. They have important information on your privacy rights, how to respond to a data breach notification, what to do if your identity has been stolen, as well as how to access your credit report.
Be alert for scams
In addition to taking the recommended action from places like IDCARE and the OAIC, it’s a good idea to stay extra vigilant against potential phishing scams. These are scams often designed to look like they’re from well-known organisations to trick you into providing your personal information and/or money.
Pay extra attention to emails, texts and calls you receive claiming to be from organisations you know like banks and government agencies, for example. Here are some tell-tale signs to watch out for.
A sense of urgency
Scammers find ways to grab your attention and create a sense of urgency that can lead you to act without thinking. Here are a few examples of what they may say to trick you:
- Your internet has been hacked or is running slow and the caller claims they can help you fix it.
- Your account will be locked unless you update your password or verify your identity.
- You’re threatened with a fine or arrest if you don’t take some type of action like make a payment to the tax office.
- You have won a prize (in a competition you didn’t enter) and you need to pay a fee to claim it.
- Your bank has detected an unusual transaction or activity on your account so they ask you to call a number if it wasn’t you.
Not all links in messages are bad. A link in a newsletter you have subscribed to from a trusted sender is okay to click. A link in a text or email that asks you to enter some type of personal information, on the other hand, is not.
How can you tell the difference between a safe link and a scam? Read the message carefully, consider what is being asked of you, and ask yourself: is it really from the company it claims to be from?
Fake web page
A phishing link can take you to a fake web page that looks the same as the official page of an organisation like your bank or myGov, for example. The page might include boxes for you to enter personal information such as your password, email address, and answers to secret questions you use to verify your identity.
One way to tell whether you’re on a fake page is by looking at the web address or URL. If the page is fake, the address of the website will be slightly different to the real address. For example, your bank's official address may be mybigbank.com.au but the link takes you to mybigbank.net.au instead.
Tips to avoid phishing scams
"Be alert, not alarmed" is the best approach to take when it comes to phishing scams. There are steps you can take – and good online safety habits you can practise – to protect yourself and avoid them.
Pay close attention
When you read a message or speak to an unexpected caller, ask yourself: what are they asking you to do? What information do they require? Does it sound right to you? Don’t be afraid to ask questions or hang up on a caller who is pressuring you to act quickly.
Think before clicking a link
Never click links that ask you to update or verify your personal information no matter how urgent or official they sound. Banks and other large organisations will never send you a link asking you to enter your personal information or password.
Don’t give your bank details to unexpected callers
Don’t provide your bank or credit card details to anybody who calls you unexpectedly, even if they say they want to ‘confirm’ the information is correct.
Check the web address (or URL) when you visit an official website
Scamwatch recommends you never enter your personal, banking or credit card details on a website unless you have checked it’s authentic. If you know the correct web address, compare it with the URL of the website you’re on, otherwise do an online search for the official address.
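The comparison described here and under "Fake web page" can be written down precisely. The following is an added example, not code from Scamwatch or any organisation named in this article: it checks the host part of a link against a list of official addresses you already know. The function name checkLink, the list OFFICIAL_HOSTS and the sample links are assumptions made for illustration; mybigbank.com.au is the article's placeholder bank.

```javascript
// Official addresses the reader already knows (constructed sample list;
// mybigbank.com.au is the article's placeholder, not a real allowlist).
const OFFICIAL_HOSTS = ["mybigbank.com.au"];

// Hypothetical helper: returns { ok, host, reason } for a link in a message.
function checkLink(link, officialHosts = OFFICIAL_HOSTS) {
  let url;
  try {
    url = new URL(link);
  } catch (err) {
    return { ok: false, host: null, reason: "not a valid web address" };
  }
  // URL lower-cases the host name; also strip a trailing root dot.
  const host = url.hostname.replace(/\.$/, "");

  // Text before an "@" is a username, not the site. The real host is
  // whatever comes after it, so treat such links as untrusted.
  if (url.username || url.password) {
    return { ok: false, host, reason: "address contains text before '@'" };
  }
  // The host must be the official address itself or a subdomain of it.
  // Matching at the END of the host rejects a different ending (.net.au)
  // and an official name placed at the front of some other domain.
  const match = officialHosts.some(
    (official) => host === official || host.endsWith("." + official)
  );
  if (!match) {
    return { ok: false, host, reason: "host is not an official address" };
  }
  return { ok: true, host, reason: "host matches an official address" };
}

// Constructed sample links: two genuine forms, three lookalikes.
const samples = [
  "https://mybigbank.com.au/login",
  "https://www.mybigbank.com.au/login",
  "https://mybigbank.net.au/login",
  "https://mybigbank.com.au.example.net/login",
  "https://mybigbank.com.au@example.net/login",
];
for (const link of samples) {
  const { ok, host, reason } = checkLink(link);
  console.log(`${ok ? "OK    " : "REJECT"} ${link} -> ${host} (${reason})`);
}
```

The point to take from the last two samples is that the official name appearing somewhere in the address is not enough: what matters is the end of the host name, read right to left up to the first slash.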
Contact the company directly
If you receive a message that you’re unsure about, contact the company it claims to be from directly. You can do this through an online search for their contact details – don’t use the contact details provided in the message.