How did this happen?
Optus was the victim of a cyber attack. We immediately took steps to block the attack, which only targeted Optus customer data. Optus’ systems and services, including mobile and home internet, are not affected and messages and voice calls have not been compromised. Optus services remain safe to use and operate as normal.
Has the attack been stopped?
Yes. Upon discovering this, Optus immediately shut down the attack.
We are now working with the Australian Cyber Security Center to mitigate any risks to customers. We have also notified the Australian Federal Police, the Office of the Australian Information Commissioner and key regulators.
Why did we go to the media first instead of our customers?
The security of our customers and their data is paramount to us. We did this as it was the fastest and most effective way to alert as many current and former customers as possible so they could be vigilant and monitor any suspicious activity. We are now in the process of contacting customers who have been directly affected.
What information about mine may have been exposed?
The information that may have been disclosed includes customers’ names, dates of birth, telephone numbers, email addresses and, for a subset of customers, addresses, ID document numbers such as driving license or passport numbers. Affected customers will be notified directly of the specific information compromised.
Optus services including mobile and home internet are not affected. Messages, voice calls, billing and payment information, and account passwords have not been compromised.
What should I do to protect myself if I suspect I am the victim of fraudulent activity?
We are currently not aware of any customers suffering damage, but we encourage you to exercise increased vigilance across your accounts, including:
Keep an eye out for any suspicious or unexpected activity across your online accounts, including your bank accounts. Be sure to report any fraudulent activity immediately to the related provider.
Watch out for contact from scammers who may have your personal information. This may include suspicious emails, text messages, phone calls or social media messages.
Never click on links that look suspicious and never enter your passwords or any personal or financial information.
How do I contact Optus if I believe my account has been compromised?
If you believe your account has been compromised, you can contact us via the My Optus App – which remains the safest way to contact Optus or call us on 133 937 for consumer customers. Due to the effect of the cyber attack, waiting times may be longer than usual.
If you are a business customer, contact us on 133 343 or your account manager.
How do I know if I have been affected?
We are in the process of contacting customers who have been directly affected.