Whether you've read about it in the news or you received an email from Optus directly, the significant data hack impacting customers of the major telecommunications company last Thursday has unsurprisingly left customers feeling unsettled.
Optus has revealed that while financial information and passwords of its customers were not accessed, the breach did compromise names, dates of birth, email addresses, phone numbers and some ID documents including drivers licence numbers and passport numbers.
It is thought that some 9.8 million Australians have been impacted the breach, and around 2.8 million customers have had "significant" amounts of data pulled.
In the aftermath of the hack, the details of 10,000 Optus customers have reportedly been released on the dark web, with people claiming to be the hackers threatening that they'll release more until a ransom amount of $1.5 million is paid out.
If you're a past or present customer of Optus and worried about your data being exposed, scroll on for five tips that will help to protect and secure your accounts.
Make your passwords as strong as possible
The first thing to do (aside from taking a deep calming breath) is to ensure you have strong passwords on your accounts. Strong passwords should be long and contain uppercase and lowercase letters, numbers, and special characters. They should also be different for each of your main accounts, but especially for banking and email accounts.
Enable two-factor authentication
Where possible, enable two-factor authentication on your accounts, and particularly for your banking details. You can do this via the banking app or calling your bank personally and asking them to set this up.
Two-factor authentication can involve a unique code being sent to your mobile or email. Additional security questions (that are difficult for anyone else to answer) are also helpful as an extra step in protecting your accounts.
You can consider changing your passport number
It is understood that just the numbers of drivers licences and passports were taken in the Optus hack—not copies of the entire documents. This means that without the additional details these documents present such as expiry dates or addresses, the risk of identity fraud is a little less severe.
That said, cyber security expert Toby Murray, an associate professor in cybersecurity at the University of Melbourne, told The Guardian there is still a risk.
"Depending on the context, different organisations will ask you just for your driver's licence number or just for your passport number," he said.
He says it's worthwhile thinking about changing your passport number.
It's possible to renew your passport in the usual way you would if your old one expires, via the Department of Foreign Affairs and Trade.
Watch for any suspicious activity
Given that customers' phone numbers have been breached, Optus has advised that it will not send out any emails or texts with links to click on.
To reiterate, if you receive an email from Optus, do not click on any link it may have, even if you believe it to be completely legit. The same goes for phone calls where people might ask for access to your computer or personal information—do not provide them with any information.
Instead, call your bank and reiterate all of the details to them. You can also call Optus direct on 133 937, though expect a delay.
Consider an identity theft monitoring service
There are professional services which can monitor for any suspicious activity in your accounts, or with your emails and personal documents. In Australia, Norton Identity Advisor and Equifax Identity Protect are recommended by experts.
There is also the free online service, HaveIBeenPwned, which checks if your email or phone number has been breached.
Optus has also offered to provide some customers who they believe are at a higher risk with access to Equifax. They will independently inform these select customers and they can access the service within the next few days.