In light of the recent Optus cyberattack our Cyber Security expert and CEO of FirstFocusIT, Ross Sardi, has shared some insight and resources that might be helpful to anyone who may have been affected by the breach.
On 22 September 2022, Optus confirmed that details of users from as far back as 2017 could have been accessed in a major breach.
This breach is still considered an active incident, and exactly what has occurred will evolve as more verified information becomes available from official sources.
While there are several claims being made in the media regarding the exact source of the breach, there are two clear facts that we should all be keeping front of mind:
- All organisations have a responsibility to protect personal information, whether that is in the form of physical or digital records. Those that aren’t taking reasonable steps to do so will be held liable for their negligence, and that should be the case whether or not an actual breach occurs.
- Any cybersecurity incident that involves the theft of data is a criminal offence and the perpetrator(s) should be treated as such. Regardless of how well secured the data is, cybercrime should not be normalised.
Many people are rightfully concerned about how this could happen, and early indications are that this incident will lead to a larger review of data protection laws within Australia. Any changes in this area will likely affect all organisations, so should be followed with interest.
Where can you find help?
Optus is working with a number of federal authorities to help protect customers whose information was exposed by the breach and, together, to minimise the potential impact on those people.
The following organisations have already produced a range of resources to help mitigate the severity of information misuse that eventuates from this breach:
- Optus has employed IDCARE to support customers who have experienced misuse of sensitive information as a result of the data breach. IDCARE has also provided Optus customers with a fact sheet outlining steps to consider, summarised in the Optus Data Breach Response Fact sheet (idcare.org).
- The Australian Cyber Security Centre has provided advice for current and former customers who may have been affected on their website (cyber.gov.au). The ACSC’s CYBER1 hotline also provides advice and referral information to those impacted (1300 292 371).
- Moneysmart gives advice and straightforward steps to protect your personal information from potential misuse. Those impacted by the incident are advised to review Moneysmart’s advice on identity theft (moneysmart.gov.au).
- The Office of the Australian Information Commissioner is another trusted source, providing general information on how to respond to a notification of a personal data breach to reduce your risk of harm (oaic.gov.au).
It is likely that other cybercrime organisations will leverage this incident to conduct phishing campaigns. Optus have advised that their official communications will not include any links, so please be wary of any email that appears to be from Optus and contains links.
To stay up to date with new information as it’s released, see the dedicated web page Optus have set up (optus.com.au). We hope these resources are helpful in the meantime.
ABOUT: ROSS SARDI
Ross has 20 years of experience in managed IT services and consulting across small to mid-size businesses, Government and Education. After running his own business for 10 years, Ross worked with other IT service providers, from a 3-person Managed Service Provider to Dell’s consulting division, and is now CEO of First Focus IT.