Further to our recent article on Optus’ data breach here’s a quick update. Customers affected by Optus’ data breach are still far from being safe from hackers.
Recent Optus developments demonstrate just how far these incidents can spread:
- On 8 November 2022, Optus offered its customers a free 12 month subscription to Equifax Protect, to assist in credit monitoring and identity protection. This was offered in an attempt to limit the risk of identity theft and financial loss.
- Only 3 days later, on 11 November 2022, Optus warned of an SMS phishing campaign targeting individuals impacted by its recent cyberattack. Affected individuals have received an SMS claiming to be from Equifax, which aligns with Optus’ offer. However, the link is actually a malicious link, asking individuals to verify their identity using credit card information.
New phishing attempts causing further damage
Optus’ data breach is and remains a timely reminder to stay vigilant and keep an eye out for phishing attempts and scams.
Optus is still contacting customers who may or may not have been affected, and the spread of the data breach is continually increasing.
Optus is also currently being investigated by the Office of the Australian Information Commissioner and is likely to face penalties of up to $2.2 million for each breach of the Australian Privacy Act, as well as penalties from the Australian Communications and Media Authority.
Optus’ experience clearly shows that data breach incidents can extend beyond the original cyberattack. Consumers are now much more hesitant when providing any personal information to businesses and need to feel that the business is taking appropriate action to protect their information.
The Optus data breach has also accelerated the push for increased penalties for breaches of the Privacy Act. The proposed increase for business penalties is the greater of $50 million, 3 times any benefit obtained through the misuse of the data, or 30% of the entity’s adjusted revenue in the relevant period.