Optus was hit by a massive cyberattack and this resulted in the data of millions of customers being exposed. As this cyberattack on Optus is a major online safety issue, we're going to take a deep dive into what exactly happened, what Optus is doing, and what you can do to protect yourself - especially if you're an Optus customer.

Just remember that if you need support or someone to talk to, our Sonder support team is available 24/7 to chat whenever you need it.

So what happened with this Optus data breach?

On September 22, 2022, hackers managed to gain access to the personal information of millions of Optus customers. It's not just current customers as past customers dating back to 2017 are affected as well.

The telco has confirmed that up to 10 million people are at risk of having their usernames, dates of birth, phone numbers, email addresses, driver's licence numbers, passport numbers or addresses compromised.

Optus has also confirmed that no payment details or account passwords were taken in the cyberattack. At the time of writing, there's been no evidence of any of the stolen data being published or released anywhere online.

It's important to note that Optus' SIM-only brands Amaysim and Gomo, and its wholesale services were not impacted by this attack.

Damn, what is Optus doing about it?

Optus has contacted all customers whose personal information were compromised by the cyberattack. Those affected by the attack will receive an email or SMS from the telco informing them what's happened. Privacy regulators and banks have also been notified.

The telco is also working closely with the Australian Federal Police to obtain information needed to conduct a criminal investigation into who was behind the cyberattack, and with the Australian Cyber Security Centre to limit the risk to both current and former customers.

SIM card swaps, replacements, and ownership changes have also all been paused online for Optus customers and can only be done in store for the time being.

As driver's licence numbers were among the data stolen in the cyberattack, a number of state governments have announced that affected customers can apply for a replacement driver's licence - and at no cost for some states. Optus will contact those affected by the cyberattack to confirm whether they will need a replacement driver's licence. Here's what affected customers need to know:

  • For NSW residents:

    • Customers can apply for a new driver's licence through Service NSW.

    • For those with a digital licence, an interim card number can be issued instantly through the Service NSW app and a new licence card will be sent within 10 business days.

    • A $29 replacement fee will be charged, but this will be reimbursed by Optus.

    • For more in-depth information and instructions, head over to the Service NSW website here.

  • For Queensland residents:

    • Optus customers affected by the cyberattack can get a free, new replacement driver's licence from the Department of Transport and Main Roads.

    • A dedicated hotline (07 3097 3108) for those who need immediate help has also been set up.

  • For South Australia residents:

    • Optus customers affected by the cyberattack can get a free, new replacement driver's licence from Service SA.

    • Those who have already paid for a replacement licence can get a refund through Service SA.

  • For Victoria residents:

    • Optus customers affected by the cyberattack are encouraged to report that their licence has been breached to the Department of Transport.

    • For those in need of a replacement, contact VicRoads to get a new licence.

    • The Department of Transport has requested that Optus repay the cost of new licences to the Victorian government.

  • For ACT residents:

    • Optus customers affected by the cyberattack are encouraged to call Access Canberra on 13 22 81 and leave their details.

    • Further details are to come regarding replacement driver's licences.

  • For Western Australia, Northern Territory, and Tasmania residents:

    • Nothing has been confirmed regarding replacement driver's licence at the time of writing. This will be updated accordingly once more information comes out.

What can I do to protect myself?

While no financial or password data was compromised as a result of this cyberattack, it's important to stay vigilant in the event of possible cases of identity fraud or further scams.

If you are an Optus customer, there are several things you can do to protect yourself following this cyberattack:

  • Change your passwords and enable multi-factor authentication if available.

    • If you have other important accounts linked to your email, such as banking and financial services, change those passwords too.

  • Be wary of scammers who may contact you via email or social media. Never provide passwords or personal details to anyone who may ask for them online and avoid clicking on suspicious links or attachments.

  • If you receive a call or SMS from someone claiming to be from a financial institution or other organisation, hang up or block the sender, report them to Scamwatch, and contact the organisation by its publicly-available number to confirm the authenticity of the call or message.

  • Monitor your bank and credit card statements, and any other personal financial accounts. Flag any suspicious activity immediately.

  • If you have concerns about your Optus account, contact the telco via the My Optus app or on 133 937.

  • Customers can contact IDCARE, Australia’s free identity and cyber support service, to help develop a plan to limit the damage of identity theft.

Related reading:

If you have any questions or need extra support, we're here to help you anytime in any language. Simply start a chat with us via the home screen of the Sonder app.

Image credit: hytam2 at Flickr

All content is created and published for informational purposes only. It is not intended to be a substitute for professional advice. Always seek the guidance of a qualified health professional.

Did this answer your question?