In a nutshell; Optus has advised the likely breach of personal customer information in the form of names, addresses, numbers and identification documents such as drivers licenses and passports.
This represents a significant exposure, which is why Optus has been both compelled — and obligated — to provide a report to their customer base and the Federal Government. They did so quite quickly after discovering the breach.
Though cause remains unclear at this time, it is quite possible (though still unverified) that this is an example of what’s known as “data exfiltration”.
This may affect you if you’re an Optus customer directly, or a customer through one of their wholesale partners that utilise Optus networks and infrastructure.
At this time, in our view, it’s critical that you do the following:
- Determine if you’re an Optus customer or a customer of a service which uses Optus as a wholesaler, such as your ISP of choice.
- Contact Optus or your wholesaler directly — via their customer service contact centres — to determine if your personal information has been compromised, and their remediation.
- Follow security advisories and recommendations which Optus may share with you.
- Be aware that if your personal information has been compromised, that you are at an elevated risk of being impersonated, and to keep an eye out for suspicious account activity or contact/detail changes, re-issuing of items like SIM cards, and your ID or payment info being used in unusual states or countries.
Though there is little we can offer at this early stage in terms of resolution recommendations, we are able to offer advice to you if required, so please feel free to reach out via our support email, email@example.com, or via phone during regular business hours.
For more information, visit the Australian Federal Police media release.