Optus, Australia’s second-largest telecommunications company, announced last week that identifying details of up to 9.8 million customers were stolen from their customer database.  

The details, dating back to 2017, include names, birth dates, phone numbers and email addresses. Some customers' addresses and driver licence and passport numbers may also have been impacted.

Identify your most vulnerable accounts and secure them

Make a list of your accounts, including:

• Bank accounts
• Superannuation or brokerage accounts
• Important medical information
• Online accounts where your credit card details are saved.

Consider updating your password to a new – never used – password for each account as a precaution. Many accounts allow multi-factor authentication, which adds an extra layer for criminals to break through, for example, by requesting an additional code to type in. Activate multi-factor authentication on sensitive accounts, such as banks, superannuation, and brokerage accounts.

• Take extra care in verifying emails and text messages. Never click links sent via text or email.
• Do not assume someone calling from a company is legitimate. Get the customer support number from their website and call them on that number.
• Creating unique and secure passwords for every service is the best defence. Do not reuse passwords across multiple services, as they can be used to access other accounts.

Australians caught up in the data breach can change their driver licence numbers and get new cards, with Optus expected to bear the multimillion-dollar cost of the changeover.

New South Wales

You can apply for a new licence via Service NSW. If you have a digital licence, you can get an interim card number issued instantly via the Service NSW app. You will get a new licence card within ten business days.  

Optus will contact customers in the coming days to confirm if they need to apply for a replacement driver's licence.  

There is a fee of $29 and reimbursement advice will be issued by Optus to customers in the coming days.

Queensland

If you have been advised by Optus that your ID information has been compromised, you can get a free replacement from the Department of Transport and Main Roads. It will include a new driver's licence number.  

The department has set up a dedicated hotline for immediate help: 07 3097 3108.

South Australia

Getting a replacement licence will be free for South Australian drivers. Service SA has advised people seeking a replacement card to attend one of its centres with documentation from Optus. Those who have already paid for a replacement licence can get a refund through Service SA. 

Victoria

Victorian drivers are being encouraged to report their licence has been breached to the Department of Transport. If you are concerned about your licence details and have been notified by Optus that your data has been breached, contact VicRoads to request a replacement. The department has asked Optus to repay the cost of new licences to the Victorian Government. 

Australian Capital Territory

Access Canberra is prioritising the replacement of driver licence cards for people who have had both their driver licence number and card numbers compromised. Optus will credit the cost of a replacement licence if both fields were breached. Affected customers can call Access Canberra on 13 22 81.

Tasmania

Service Tasmania advises that if Optus has confirmed your Tasmanian Government Personal Information Card has been compromised, you can apply for a replacement card. This will have a new card number. You must show your Optus data breach communication or provide a Statutory Declaration that states your personal information was breached by the Optus data leak. There will be no charge for the replacement.

Western Australia

A new driver licence card with new numbers will be issued to those who have been informed by Optus that their driver licence information has been compromised. You will need to visit a WA Department of Transport service centre or regional agent with an Application for New Licence Number (E126) form. To get a replacement card, you will need to provide primary and secondary proof of identity, along with the Optus notice that your licence details were included in the data breach.

Northern Territory

There has been no word as of 1pm (AEST) Wednesday 28 September from those governments on what Optus customers can do regarding driver licences. 

There’s some good news for people wanting to apply for a new passport due to the Optus data breach.

Last week, it seemed passport holders would have to fund the replacement. However, the Australian Government has confirmed that Optus will cover costs for affected customers.

The Australian Passport Office says it is working with Optus to finalise these arrangements. Optus will contact customers that are affected.

For the most timely and accurate information on this issue please refer the APO’s Optus Data Breach page.

If you are concerned or have been affected, you can replace your Medicare card. You can do this by using your Medicare online account through myGov.  

If your Medicare or Centrelink account has been compromised, call the Scams and Identity Theft Help Desk.

The Australian Electoral Commission (AEC) have advised registered voters that if they are impacted by the Optus breach, there is no need to update any information with the AEC. This applies to federal, state/territory, and local council elections.

“We know that electoral enrolment won’t be front of mind for somebody affected by a data breach, and for the vast majority of voters it won’t have to be at all,” AEC commissioner Tom Rogers said in a statement.

“[But please know that] the AEC regularly receives licence and passport information from our partners in federal, state and territory governments, which means a change to your licence or passport number will not affect your enrolment.”

The law firm, Slater and Gordon, said it was investigating whether a deficiency in Optus's management of data had led to the personal information of current and former customers being leaked.

"At this stage, we consider that affected customers may have claims against Optus for failing to properly store and secure customer data and allowing it to be accessed by a bad actor," the firm's Ben Zocco said.

Class actions are a way for groups of people to seek remedies to a problem that affects them all.

"If there is a large class action, then they have the right through a representative to sue someone or some entity that they believe has breached the law," he said.

Class actions can involve "anything from seven people upwards".

In Optus's case, it could involve thousands of people.

For further reading: The Conversation, The Guardian, ABC News, Services Australia, SBS