Optus customers are demanding free services and no bills after personal information leak

On Sep 23, 2022

Millions of Optus customers left exposed to hackers by a massive security breach are demanding their bills be waived as compensation.

Australia’s second-largest telco revealed that 2.8 million customers’ passport and driver’s licence numbers, email and home addresses, dates of birth and telephone numbers were stolen by hackers on Thursday.

Another seven million people’s dates of birth, email addresses and phone numbers were also leaked.

Optus customers are demanding their bills be waived after a massive cyber attack saw 10 million people’s information leaked

The massive breach is believed to be one of the biggest cyber attacks in Australian history, with criminals taking advantage of a weakness in Optus’s firewall.

The apparent weakness has left customers, past and present, exposed to criminal activity, with many concerned their very private information will be leaked on the dark web.

Now some customers are demanding Optus provide free services for an entire year to make up for the stress caused.

‘How many free years of service am I receiving for you allowing my personal information onto the darkweb?,’ one person wrote on Twitter.

Optus customers’ passport and drivers licence numbers, email and home addresses, dates of birth and telephone numbers were leaked in a massive hack on Thursday

‘Give us free (sports streaming) and waive the next bill ya dumb dogs,’ another said.

‘So my bill this month needs to be free,’ another wrote.

Optus chief executive Kelly Rosmarin said the company is working with the Australian Federal Police to investigate the attack.

‘We are devastated to discover that we have been subject to a cyberattack that has resulted in the disclosure of our customers’ personal information to someone who shouldn’t see it,’ Ms Rosmarin said in a statement.

People are demanding Optus provides free services and cuts bills after an apparent weakness in its firewall saw millions of customers’ information leaked (pictured, example Optus bill)

‘As soon as we knew, we took action to block the attack and began an immediate investigation. While not everyone may be affected and our investigation is not yet complete, we want all of our customers to be aware of what has happened as soon as possible so that they can increase their vigilance.

‘We are very sorry and understand customers will be concerned. Please be assured that we are working hard, and engaging with all the relevant authorities and organisations, to help safeguard our customers as much as possible.’

Ms Rosmarin said no payment information was leaked but urged customers to monitor their bank accounts and flag any suspicious activity.

Scamwatch said Optus customers should monitor their devices and financial accounts, change online passwords and enable multi-factor authentication, put limits on bank accounts and request a ban on their credit report if fraud is suspected.

SCAMWATCH ADVICE TO OPTUS CUSTOMERS

Scamwatch is warning Optus customers to be on the look out for scams and take steps to secure their personal information following a cyber-attack.

A cyber-attack has resulted in the release of Optus customers’ personal information. If you are an Optus customer your name, date of birth, phone number, email addresses may have been released. For some customers identity document numbers such as driver’s licence or passport numbers could be in the hands of criminals. It is important to be aware that you be may be at risk of identity theft and take urgent action to prevent harm.

Optus customers should take immediate steps to secure all of their accounts, particularly their bank and financial accounts. You should also monitor for unusual activity on your accounts and watch out for contact by scammers.

Steps you can take to protect your personal information include:

More information about how to protect yourself is available on the OAIC website.

Check the Optus website for information and contact Optus via the My Optus App or call 133 937.

Scammers may use your personal information to contact you by phone, text or email. Never click on links or provide personal or financial information to someone who contacts you out of the blue. Learn how to protect yourself from scams by visiting www.scamwatch.gov.au

If you are concerned that your identity has been compromised or you have been a victim of a scam contact your bank immediately and call IDCARE on 1800 595 160. IDCARE is Australia’s national identity and cyber support service, to get expert advice from a specialist identity and cyber security service. You can also report scams to Scamwatch www.scamwatch.gov.au and check cyber.gov.au for information about cyber security.

Chief strategy officer at cyber-security firm CberCX Alastair MacGibbon said Optus customers need to stay on high alert.

‘Personal information has been stolen,’ he told the ABC.

‘A lot of personal information for several million people and slightly less information for about 6 million more.

‘They should be looking for whether criminals are mimicking them, or stealing their identity, or trying to obtain credit in their name.’

He said one way breached customers can protect themselves against financial fraud is by paying for their credit usage to be monitored.

‘That way you will be monitored by credit monitoring services if someone has been using your name and other details to obtain credit,’ Mr MacGibbon said.