
Optus breach: insights and useful resources from our cyber security expert

In light of the recent Optus cyberattack, our Cyber Security expert and CEO of First Focus IT, Ross Sardi, has shared some insight and resources that might be helpful to anyone who may have been affected by the breach.

What happened?

On 22 September 2022, Optus confirmed that details of users from as far back as 2017 could have been accessed in a major breach.

This breach is still considered an active incident, and exactly what has occurred will evolve as more verified information becomes available from official sources.

While several claims are being made in the media regarding the exact source of the breach, there are two clear facts that we should all be keeping front of mind:

  • All organisations have a responsibility to protect personal information, whether that is in the form of physical or digital records. Those that aren’t taking reasonable steps to do so will be held liable for their negligence, and that should be the case whether or not an actual breach occurs.
  • Any cybersecurity incident involving data theft is a criminal offence, and the perpetrator(s) should be treated as such. Regardless of how well-secured the data is, cybercrime should not be normalised.

Many people are rightfully concerned about how this could happen, and early indications are that this incident will lead to a larger review of data protection laws within Australia. Any changes in this area will likely affect all organisations, so they should be followed with interest.

Where can you find help?

Optus is working with several federal authorities to help protect customers whose information was exposed by the breach and minimise the potential impact to those people.

The following organisations have already produced a range of resources to help mitigate the severity of information misuse that eventuates from this breach:

  • Optus has employed IDCARE to support customers who have experienced misuse of sensitive information as a result of the data breach. IDCARE has also provided Optus customers with a fact sheet outlining steps to consider, summarised in the Optus Data Breach Response Fact sheet (idcare.org).
  • The Australian Cyber Security Centre has published advice on its website for current and former customers who may have been affected (cyber.gov.au). The ACSC’s CYBER1 hotline provides advice and referral information to those impacted (1300 292 371).
  • Moneysmart gives advice and straightforward steps to protect your personal information from potential misuse. Those impacted by the incident are advised to review Moneysmart’s advice on identity theft (moneysmart.gov.au).
  • The Office of the Australian Information Commissioner is another trusted source, providing general information on responding to a notification of a personal data breach to reduce your risk of harm (oaic.gov.au).

Other cybercrime organisations will likely leverage this incident to conduct phishing campaigns. Optus has advised that its official communications will not include links, so please be wary of any email that contains links and appears to be from Optus.

Optus has a dedicated web page to stay updated with new information as it’s released (optus.com.au). We hope these resources are helpful in the meantime.

About: Ross Sardi

Ross has 20 years of experience in managed IT services and consulting across small to mid-size businesses, Government and Education. After running his business for 10 years, Ross worked with other IT service providers, from a 3-person Managed Service Provider to Dell’s consulting division, and is now CEO of First Focus IT.

Join Ross in our Cyber Security Accelerator to work through 5 actions to help your business secure any critical information stored in cyberspaces: