Cyber Security Update: Optus Cyber Attack – Additional Information

A further advisory on the Optus Cyber Breach and initial recommendations.

Regular media coverage around the size and impact of the Optus Cyber Breach is ongoing.

Optus is communicating with affected customers via email and text message with actions and recommendations, supported by third party recommendations from the Federal Government including the AFP.

Cyber Security Update: Optus Cyber Attack – Additional Information

If you’re an Optus customer, or a customer of an Optus wholesale partner that utilises Optus networks and infrastructure, it is crucial that you continue to follow these official recommendations, noting that those recommendations may change over time.

Further to our initial communication, please take note of our additional supportive advice:

  • Identify your most vulnerable online accounts and secure them – this means changing bank pin and passcodes; passwords to Government service web sites such as medical; online service portals and the like; including email and internet services.
  • To help manage the above, assist yourself with strong password creation by using a password management tool like BitWarden or KeePass.
  • Always use 2-Factor or Multi-factor Authentication where supported.
  • Ask critical account holders, like your bank and service providers, to add a unique passphrase or pin to your account notes to verify when you call up, and, if supported, enforce the use of text verification codes for support calls.
  • Customers whose drivers licenses, Medicare number and passports have been exposed may be eligible to obtain new documents and identification numbers from State or National Government departments — please follow their advice either through your own direct contact with these departments, or official Government advisories on the matter.
  • If your personal information has been compromised and this has been verified by Optus or a wholesale partner, it is absolutely imperative that you closely monitor your accounts, bank and services activity (such as Government services, online portals and the like) for suspicious activity, changes or impersonation. Employ the above to keep these as safe as possible!
  • While Optus passwords were not stolen, It is still strongly advised that you change passwords and pin codes to any and all online services you may use, including Government web sites, E-tailers and financial services.

We may be able offer further advice to you if required, so please feel free to reach out via our support email,, or via phone during regular business hours.

For more information, please visit and follow the “Have you been hacked” guide, and the AFP web site, and look into these resources:, as well as an excellent resource on the Optus scam at Scamwatch.