Data Breach Exposes Millions of Australians to Identity Theft

Data Breach Exposes Millions of Australians to Identity Theft

Breaking NewsOctober 26, 2022

A major cybersecurity incident has occurred at Medibank Private just weeks after 30% of Australians had their information held ransom in the Optus data breach.

A major cybersecurity incident has occurred at Medibank Private just weeks after 30% of Australians had their information held ransom in the Optus data breach.

The recent attacks on Australians and their personal data have caused uneasiness bubbling to the surface, along with the question: Is Australia particularly exposed to data breaches?


Whether it‘s telecommunications giants like Optus, private health goliaths like Medibank, or Australia’s biggest supermarket chain Woolworths — hackers are getting hold of our data regularly. With all this going on, you might be left wondering what exactly the hackers are doing with your data and how it could affect you. More importantly, is there anything that can be done about it?



Money, money, money – it’s a rich man’s world.

It’s all about the money for these data hackers. In most cases, the data gets sold to whoever pays top dollar, and is used in various nefarious methods like identity theft or extortion – including the company that was stolen from. Security expert Troy Hunt opens our eyes to the fact that the data are often not sold on the dark web as we’d expect, but rather on the ‘clear web’: websites accessible to anyone.

Troy says that mass auto phishing attempts are made first in the instance like the Optus data breach.

“Since these hackers have your email, they know you’re an Optus customer, and have some of your other basic personal information, such as your name and address. The next step is to quickly create thousands or millions of convincing emails that look like they are coming from Optus.” Troy also goes on to explain. “A legitimate looking email might find its way into your inbox, asking you to enter your credit card number or ask you for further information. If one in a thousand ”


When sold to third parties, the data are often used in more targeted and sinister methods – mainly identity documentation. Remember how Optus and Medibank asks for 100 points of ID before signing you on for a contract or plan? The information you provide to these companies are often the same information used to get lines of credit, meaning that your leaked data could potentially allow someone to spend money, in your name.




Is there anything you can do to improve your security?

There are some steps you can take right now to ensure you don’t fall victim.


1. Contact your bank and IDCARE

If you have been a victim of a scam or identity theft following the Optus or Medibank data breach, contact your bank immediately and call IDCARE on 1800 595 160. IDCare is Australia’s national identity and cyber support service.

Your financial firm may have published information on their website or emailed you about the steps they have taken to protect you from scams and fraud following the data breach.


Information from financial firms:


2. Change your passwords and enable two-factor authentication

The Australian Cyber Security Centre and Home Affairs Minister Clare O’Neil have emphasised checking and improving the security of all your important accounts: turning on two-factor authentication where possible, making sure your passwords are secure and unique, and guard against phishing attempts. Experts also recommend checking how much of your information is already available online — like contact details on LinkedIn, or dates of birth on Facebook — which criminals could use in addition to anything they’ve retrieved through a hack, to steal your identity.


3. Change your license and passport

After a breach like Optus, measures can be taken to minimise the impact, said Mr Hunt, like replacing your licence and passport. As part of a new national Documnet Verification System adopted in South Wales (and most other states), driver’s licences now include three security points. Licenses now have a licence number on the bottom left of the card, an expiry date, and a new card number in the top right-hand corner of the card. If you reside in NSW and have had your card and license numbers leaked, you will require a new card number – which can be issued within days by contacting Service NSW. You can do so online, visit a Service Centre in person, or call 13 77 88.

In Canberra, the ACT Government is closely monitoring the breach and understands the concerns that Canberrans have for the security of their identification documents. Access Canberra has established a dedicated team to take enquiries from people who are concerned about their driver licence number and/or card number being compromised. The team can be contacted on 13 22 81 and selecting option one. The team is available Monday to Friday from 8:00am to 6:00pm and weekends from 9:00am to 5:00pm.

Queenslanders affected by the Optus data breach can apply for a new driver licence number (customer reference number) free of charge. To replace your driver licence and change your customer reference number, you will need to visit the service centre in person and bring the necessary documentation to your local transport and motoring customer service centre. You can show the Optus data breach email, text or account message on your device.


4. Request a copy of your credit report

One last thing to consider is getting a copy of your credit report to check its accuracy — you’re entitled to a free credit report once every 12 months. Your credit report will also show which organisations have recently checked your credit history, so you can advise them not to authorise a new account in your name.

Optus announced last week it would be offering a 12-month subscription to Equifax Protect credit monitoring to all affected customers, so if you haven’t heard from Optus, do look out for a direct communication from them on how to start your 12-month subscription.

If needed, you can contact the credit reporting bodies and have your credit file temporarily blocked

  • Equifax – 138 332
  • Experian – 1300 783 684
  • illion – 1300 734 806



Need further clarification? Speak to our friendly team on 1300 815 921 or at

At Green Associates, all of our advisers are fully licensed and listed on the ASIC Moneysmart Financial Adviser Register. Green Associates is committed to providing the best solutions for you and your wealth-creation journey.

Written by

Davina Skene

Accredited Mortgage Consultant

Learn More