Late last month Optus announced that details of 9.8 million current and former customers since 2017 were stolen from their customer database. Representing about 40% of Australia’s population, this may be the worst data breach in Australia’s history, including email addresses from the Prime Minister’s office. These details included names, birth dates, phone numbers, mailing addresses, email addresses and – for some customers – driver’s licence or passport numbers. Using this information someone could pretend to be you and steal your identity, potentially affecting your credit rating.  

I was unfortunately one of these 9.8 million affected customers, so I investigated what options were available to reduce the risk of identity theft.  

1. Place a ban on your credit file

The three main credit agencies are Illion, Equifax and Experian. When a credit check is performed such as when applying for credit or taking out a phone contract, one of these three companies will be contacted to check your credit rating.  

You can place a ban on your credit file so that if someone other than you tried to have a credit check done in your name, your credit reports will not be accessible and they would likely be unable to proceed. Placing a ban on one of the credit files automatically puts a ban on the other two, ID Care has a wonderful guide on how to do this.  

You can place a ban on your credit file for 21 days to start off with, and then extend this to 12 months if you wish. You can also turn off the ban at any time so if you know you’ll need to undergo a credit check, you can pre-emptively do this.  

 2. Access your credit reports to identify any suspicious actions

Accessing your credit reports allows you to check your credit rating and identify if there are any credit checks that weren’t requested by you. You can check your credit rating at any time without it affecting your rating and it also gives you an idea of what has impacted your rating and what you can do to improve it.  

There are multiple websites that allow you to check your credit reports for free, and some of these you can turn on a subscription to receive updates on your credit rating monthly so you can monitor if there are any changes.  

Some of these include: 

OAIC – Access Your Credit Report 

Get Credit Score (Equifax) 

illion Credit Check (Illion) 

ClearScore (Experian) 

Wisr (Equifax and Experian) 

 3. Change license/passport number 

Knowing your driver license or passport numbers allows scammers to port your mobile number to a different sim card, gain unauthorized access to accounts, open new financial accounts, take over social media accounts and gain access to MyGov, ATO and other general accounts, establish new utility accounts and apply for rental properties.  

While it doesn’t appear Passport numbers can be changed yet, Australian State and Territory governments are working on changing driver license numbers for those impacted at Optus’ expense. Check your relevant State and Territory issuer for the most recent advice.

 4. Change your phone number 

Many websites, including Australia’s own myGov website, use SMS 2FA (2-factor authentication) where they will send a text message with a code to your mobile as a second step to verify you are the account holder when logging in. As mobile numbers were stolen in the Optus data breach, this presents a risk that your number could be ported or remotely accessed by someone else, allowing others to read your text messages or answer calls meant for you. 

Furthermore, this makes it easier for you to be scam or spam called or be sent fraudulent SMS messages, as the scammer may have access to all your identifying details.  

 5. Change your email address 

As email addresses were leaked, it may be best to use a new email address to reduce the chance of email scams. Scammers may send emails that may included malicious attachments, links to fake websites or may download malware onto your device.    

6. Change passwords and ideally use a password manager

This relates to changing your email address given you can reset passwords if you have access to the email address registered on an account. Although passwords weren’t part of the data that was stolen in Optus’ data breach, if you use common passwords between accounts, you should change these or ideally use a password manager that can generate and store unique passwords for all your logins.  

I personally have been using Bitwarden which encrypts your data so it cannot be accessed by anyone who doesn’t know the master password to your account (just remember if you forget the master password, you lose all the passwords!). The platform is easy to use providing a website, desktop application, browser extensions and mobile apps.