Many of you would have already received letters similar to this, cannot say I am very happy about it, what about you? It's good to know that my Optus stuff is safe but...
From the victims' point of view.
Here is the information that was stolen which includes:
-Customers' names
-Dates of birth
-Phone numbers
-Email addresses
-Addresses
-ID document numbers such as driver's licence or passport numbers
This information is enough for someone to get through most security checks over the phone, e.g. ATO, banks, etc. I doubt I can change my driver's licence number; the passport number is possible, but I cannot change my date of birth or address. I would be reluctant to change my email address. The other problem is that the old numbers are still valid in most places. Many ID checks will accept the old info.
What is troubling is that the hack started in 2017. Did anything weird happen to you with your accounts?
Probably the quickest way to check is with a free credit report
To guard against this, you can ask for a FREE credit report from any of the 3 Credit Report Agencies:
Since they each collect slightly different information, you may want to check all of them.
From Optus's point of view
Although still under investigation, this Optus breach is likely human error, as almost all my experiences are successful hacks. If so, it would have been avoidable with proper procedures. If so, there is no one for Optus to blame, so it will probably have to bear much of the cost besides the bad publicity.
Now multiple by 9.8 million people (high-case scenario) to get a feel of the potential costs. This cost is on the low side. It is estimated that a hack in business costs much more than this, more like $200 a person.
From your business point of view
Considering the size of this hack, there is no doubt that new laws will be coming to Australia.
Currently, for a small or medium-sized business (SMB), the average cost of a breach in the US is $108,000. In Australia, it will be more. Just a lawyer and barrister for a few days will cost more. Do the figures yourself; an SMB business with 1,000 customers on its books at $200/account, and you have $200,000.
Some simple security checks could help to reduce the problem.
-Passwords stuck on the walls are not a good idea.
-Change passwords frequently.
-Implement security on your systems.
-As much as possible, never leave computers unattended.
For people who want better, we set up our users with an encrypted disk drive using VeraCrypt.
Anything under VeraCrypt without the correct password is unreadable. Doing this has a significant advantage because no one can read your information if your computer is lost or stolen.
It is so secure that I doubt anyone in Australia could break it.
Also, you may want to consider cyber insurance, but that is a story for another day.