Local Optus customers, who have been told their personal information has been caught up in the unprecedented data hack scandal, are left wondering what it means for their cyber safety.
Dan Margot, of Coolum, said his and his wife’s phones are on Optus plans. They received emails from the telecommunications giant, advising them that their data may have been breached.
Mystery still surrounds the massive data breach, in which the personal information of around 10 million Optus customers was reportedly stolen by a hacker – information included simple data like names, dates of birth, phone numbers and email addresses, and for some customers, passport and drivers licence numbers, and possibly Medicare card numbers.
“The fact that you hand over all these documents. It’s quite authoritarian, almost,” Mr Margot said.
“It definitely opens up worm holes like this when people’s data gets stolen, you ask, ‘What’s it used for?’”
Mr Margot said he had also noted some unusual activity on his phone since the breach was made public.
His mother and wife had received texts, apparently sent from his phone, which he had not actually sent – one message, pretending to be from him, claimed he had damaged his phone and needed help, while a dodgy text to his wife included an attachment that could not be opened – perhaps thankfully.
“When I said I hadn’t sent anything, I then opened my email and Optus actually emailed us and said, ‘We’ve had a data breach’,” Mr Margot said.
“Are these things related? I find it hard to believe that they weren’t.”
Cyber security expert Dr Dennis Desmond, of the University of the Sunshine Coast, said in many cases, Optus customers’ lost data is enough to amass the 100 points required for identity verification.
“This kind of data is all you would need if you were a criminal to create duplicate accounts, hijack existing accounts, create new lines of credit and engage in other types of criminal activity, including influence and social engineering fraud,” Dr Desmond explained.
Sunshine Coast victims are now playing a waiting game to learn exactly what impact, if any, the breach could have on their finances and personal lives.
“Exactly. What do you do? You don’t know if any damage has been done,” Mr Margot said.
“Hopefully, it doesn’t make my life harder. If anything in my details is used and I have to, I don’t know, prove my innocence, if it’s used for any nefarious activities, and how is that going to impact me in the future.”
Dr Desmond said customers could be waiting years without a definite resolution.
“A lot of these identity documents don’t expire for years … customers are going to be dealing with this for a couple of years at least.”
Optus has offered to pay for 12 months of security monitoring for affected customers. The Queensland Government has offered to provide new licences for free to affected customers. Mr Margot said he would “definitely” be doing that.
Reports suggest the FBI has joined the Australian investigation to help determine who has committed the major cybercrime.
“While we are not aware of customers having suffered any harm, we encourage customers to have heightened awareness across their accounts, including looking out for unusual or fraudulent activity and any notifications which seem odd or suspicious,” said Optus CEO Kelly Bayer Rosmarin, in an online statement.
Optus said it would contact “the most affected customers” more directly. It added a warning that “no communications … relating to this incident will include any links, as we recognise there are criminals who will be using this incident to conduct phishing scams”.
Do you have an opinion about the Optus data breach? Submit a Letter to the Editor with your name and suburb to Sunshine Coast News via: email@example.com
Optus advised concerned customers that the most up to date information is available via optus.com.au. Customers who have specific concerns can contact Optus via the My Optus App (which remains the safest way to interact with Optus) or by calling 133 937.
SUBSCRIBE here now for our FREE news feed, direct to your inbox daily!