You’ve fallen victim to a mass data breach. What does it mean and what should you do?

hacker mockup

Last month customers of Australia’s second-largest telco, Optus, were greeted with the news that nobody wants to receive: “As a result of a Data breach, your personal information has potentially been compromised”.

The Data breach has been identified as one of the largest in Australia. Over 9.7 million current and former Optus customers’ personal identifiable information (PII) was stolen. PII includes:

  • Full name
  • Date of birth
  • email
  • Phone number
  • Address
  • Drivers license number
  • Passport number

How common are data breaches?

The Optus breach is, without a doubt, one of the more significant incidents of its kind in Australia, but it’s by no means the only occasion where customer Data has been accessed and made public.

In recent years several corporate and government institutions, including the likes of Canva, ShopBack, the Australian National University, Service NSW and the Victorian Government, have been hit by Data breaches that resulted in the release of the personal details of individuals.

The Office of the Australian Information Commissioner’s most recent Notifiable Data Breaches Report notes that there were 464 breaches between July and December 2021 alone – a 6% increase on the six months prior.

computer code on a screen

What is stolen data used for?

A positive in the Optus case is that no reported financial information, such as credit card or bank account details, were compromised. However, for Optus customers with their passport or license numbers exposed, risks such as Identity Theft have become a real possibility; as the Minister for Cyber Security Clare O’Neil pointed out in an interview with ABC:

“The reason this is so concerning to us is because what this effectively amounts to is 100 points of ID, so the scope for identify theft and fraud is quite significant”.

The concern is also shared by Professor Gernot Heiser from the University of New South Wales, who says that there are numerous ways for personal information to be misused.

“With this information, people can potentially set up accounts in your name and use that, for example, for money laundering. Or for even milder things like creating social media accounts, posting hate speech or other material that will reflect badly on you.”

What action can you take if your Data has been exposed?

Because the information stolen in a Data breach differs between individuals and incidents, there’s no simple safeguard or solution.

However, there are several recommendations you can take to reduce your chance of falling victim to Identity Theft or prepare yourself for a future Data breach.

Change your passwords

The first step to take is to change the password associated with the service or account which has been compromised.

If you haven’t already, and if available, it is worth adding an extra layer of security to your accounts by enabling multi-factor authentication (MFA).

According to the Australian Cyber Security Centre, an MFA requires multiple points of proof rather than just a single pin or password, providing significantly more security against wrongdoers.

Apply for new Identity Documents

While the leak of sensitive information like a driver’s licence number or passport number doesn’t happen in every Data breach, if it does occur, it may be worth exploring the possibility of replacing any compromised documents.

For example, Australians with driver’s licence numbers exposed following the Optus incident have been encouraged to replace their licenses, with state governments waiving replacement fees for those impacted.

Monitor your bank account

Stolen identities are often used to take out loans or other products in your name, so one of the ways to monitor any credit fraud is by regularly reviewing your credit report.

Australians can access a free copy of their credit report from the three major credit reporting agencies (Equifax, Experian and illion). It is also possible to place a ban on your report if you suspect you’ve been a victim of Identity theft.

Watch out for scams and phishing attempts

While it’s generally good practice to avoid clicking on suspicious links sent via email or text, we urge everyone to be vigilant at all times with such attempts.

If contacted by someone claiming to be from a company or the government, we advise never to respond to any requests for personal information. Instead, contact the organisation directly to find out whether it’s genuine.

tablet screen and data protection

Be Smart About Your Personal Data

The increasing risk of Identity crime in our digital society is something to be mindful of when sharing your PII with organisations. By being smart with your online browsing behaviour and leaning on professional bodies in times of need, you can ensure your Data will stay safe and protected throughout the digital economy.

If you are a business in need of an easy solution to ensure your customer’s Data is captured and secured safely, we welcome you to check out our unique Identity Verification software.


Disclaimer: The information provided in this article is not intended to amount to legal advice. Professional assistance may be required to determine the most appropriate action to protect your legal rights.

Get in touch