What to do if you have been hurt by the cyber attack on Optus
A few days after a huge cyber attack put the personal information of almost 10 million Australians at risk, the CEO of Optus only has two words of advice.
Police are looking into a huge hacking attack on Optus that may have put millions of customers at risk, but the company's boss has only apologized and given a few tips.
Passport and driver's license numbers were among the information that may have been stolen in the massive hacking incident.
The Australian Federal Police have started to look into the alleged "mass data breach" after Optus told them about it.
In a statement released on Friday, it said, "The AFP will work with Optus to get the important information and proof it needs to do this complicated criminal investigation."
"The AFP's Cyber Command will work closely with a number of agencies, including the Australian Signals Directorate."
In a conference call with reporters on Friday, Kelly Bayer-Rosmarin, the CEO of Optus, apologized for the cyber intrusion and said "it should not have happened."
"I'm sad that we weren't able to stop it," she said.
"It makes a mockery of all the great work we've done to be a leader in this industry, to be a challenger, and to give our customers new and wonderful experiences. I am so sorry."
Ms. Bayer-Rosmarin said that the cyber breach could have big effects on both private and small business customers.
In the "absolute worst-case scenario," 9.8 million customers were affected, but Ms. Bayer-Rosmarin warned that the authorities were still looking into the breach and that the full effects were not yet known.
Unverified screenshots from a dark web hacker forum show cybercriminals saying they have access to a million Optus phone numbers.
Ms. Bayer-Rosmarin told customers to be on the lookout for strange contacts in the near future, because she was worried that bad people who got their hands on the stolen information could use it to make scam calls.
"The only thing customers can do is be careful," she said.
"It really comes down to being more careful and on the lookout for anything that seems strange or suspicious.
"Don't let that happen if someone calls you and says they want to connect to your computer and asks for your password or for you to let them in."
She said that passwords and financial information had not been stolen, but that other sensitive information had.
"We do have a record of the ID number, whether it's a driver's license number or a passport number. "That's the field where the security has been broken," she said.
"I want to reassure people again that they don't have copies of any of these documents, nor do they have any bank information or passwords."
Police want everyone to make their online security stronger so they don't fall for scams and malware.
Customers of Optus whose information may have been stolen are urged to:
- Avoid answering any suspicious calls;
- Think about making your password and other online safety measures stronger; and
- In the next few days, look for more information from Optus.
Brett Callow, a threat analyst at the cyber security company Emsisoft, said that companies should do everything they can to collect as little personal information as possible.
"In general, it's best for companies to only collect the information they really need and to keep it for as little time as possible," he said. "In fact, this is a legal requirement in Europe."
"Limiting the amount of data held in this way can help reduce the number of people who are affected when a company is hacked.
"And really, why should businesses keep information they don't need?"
Ms. Bayer-Rosmarin said that the reason was easy to understand.
"The law says we have to keep customer records for a certain amount of time," she said.
"We have to be able to look back six years in our records, so we keep all the information for that long."
How can I tell if I'm in danger?
Optus will get in touch with customers who have been affected in the next few days.
Customers who think their data may have been stolen or who have other concerns were asked to contact Optus through the My Optus app or by calling 133 937. The company said this was the safest way to talk to Optus.
Optus said that it would not send links in any emails or SMS messages.
What should I do to keep my information safe?
Customers have been told to change the passwords for their online banking accounts and turn on multifactor authentication.
They have also been told to limit how much money they can take out of their bank accounts.
In a statement, Scamwatch said, "It is important to know that you may be at risk of identity theft and to act quickly to avoid harm."
"Con artists could use your personal information to call, text, or email you."
Never click on links, and never give personal or financial information to someone who contacts you out of the blue.