Advice for Survivors and others about the Optus Data breach


On Thursday, 22 September, Optus announced that it had experienced a major cybersecurity attack involving nearly 9 million users. 


Here’s our best advice for survivors who may be concerned:

  1. If you use the same email and password on your Optus Account for other accounts – you should immediately consider changing your password on all other important accounts.  
    • It may be advisable to also set up a new email address for your more important accounts (banking, mygov, super, health insurance) and only use it for those important accounts.    
  2. Change online account passwords (& email address if it is the same as the one you used for Optus prior to the breach)) and enable 2-step verification or multi-factor authentication for banking.
  3. Never click on links or provide personal or financial information to someone who calls, emails or texts you out of the blue.
  4. Place limits on bank accounts. Put spending alerts and/or monitor for any unusual activity and request a ban on credit reports if any fraud is suspected.
  5. Consider applying to change your driver’s licence or passport number if you are concerned about these. 
  6. Be aware of ‘layering attacks’, where multiple platforms (such as an SMS text, an email, and a WhatsApp message) may be used to leverage an attack. The scammers may have personal information about you and know your name, your address, and your date of birth. But you have no way to know who is on the other end of the communication – so, if you weren’t expecting to be contacted, be very sceptical.


Hacker hand stealing data from laptop top down


From the Optus website:

To help protect against fraud, Optus customers are encouraged to look to reputable sources such as:

For Optus customers believed to have heightened risk, Optus will undertake proactive personal notifications and offer expert third-party monitoring services.

The most up-to-date information will be available via For customers who have specific concerns, they can contact Optus via the My Optus App (which remains the safest way to interact with Optus) or by calling 133 937. Optus will not be sending links in any emails or SMS messages.


For more detailed information on how to protect yourself from tech abuse, visit our Technology Safety and Privacy Toolkit.