Open Systems Support

Government cyber security advice for Optus and Medibank customers

The recent cyber attacks on some of Australia’s telecommunications and health insurance companies has certainly brought a great focus on ensuring that we take extra precautions when it comes to data sharing and protecting our digital security. A number of cyber security advice are now widely available.

With so many news, stories and updates, our Open Systems Support team members suggested that a good resource to help might be a compilation of the official government advice on next steps if your personal data and information has been breached or compromised through the Optus and Medibank cyber attacks.  

You can also always access the official alerts and advice via the Australian Cyber Security Centre’s website

Optus data breach 

The cyber.gov.au website has advised the following steps if you think you may be affected by the recent Optus data breach

  • Contact Optus Customer service on 133 937.  
  • Secure and monitor your devices and accounts for unusual activity, and ensure they have the latest security updates. 
  • Enable multi‑factor authentication for all accounts. 

If you are concerned that your identity has been compromised or you have been a victim of a scam, contact your bank immediately and call IDCARE on 1800 595 160. In Western Australia of course, the State government has offered to provide new licenses, free of charge. For more information, visit the Department of Transport’s website. 

If your identity has been stolen, you can apply for a Commonwealth Victims’ Certificate

If you wish to make a privacy complaint, contact Optus directly. If you are unable to resolve your complaint with Optus, you may wish to lodge a complaint with the Telecommunications Industry Ombudsman and the Office of the Australian Information Commissioner

Enhancing cyber security for telcos 

The Australian Government has amended the Telecommunications Regulations 2021 to better protect Australians following the Optus data breach. They will allow Optus to share limited information with financial institutions and Government agencies to detect and mitigate the risks of malicious activity, including ID theft and scams. These changes will reduce the impact of this data breach on Optus customers and enable financial institutions and Government agencies to implement enhanced safeguards and monitoring.  

The Department of Home Affairs has also established a Commonwealth Credential Protection Register to help stop compromised identities from being used fraudulently. The Register will prevent compromised identity credentials from being verified through the Document Verification Service. The Document Verification Service is used by government agencies and businesses, such as banks, to verify an individual’s identity online. 

To stay up to date with the Government’s joint efforts with the private sector and telecommunications industry to combat cybercrime, visit the official website. 

Medibank data breach 

As you might be aware, on 25 October 2022, Medibank Private advised that new information led them to believe the extent of data potentially compromised is larger than originally thought, and affects both AHM and Medibank Private customers. 

If you think you may be affected by the Medibank Private cyber security incident, should contact 13 42 46 and for Medibank Private customers 13 23 31.  

Services Australia has also released a fact sheet that outlines what to do if you’ve been affected by the recent Medibank Private and AHM data breach. 

If you are concerned that your identity has been compromised or you have been a victim of a scam, contact your bank immediately and call IDCARE on 1800 595 160.  

General cyber security advice 

In addition to the specific Optus and Medibank data breaches, the Australian government has also advised that the following general, simple cyber security steps be observed: 

  1. Update your device and turn on automatic updates to ensure you always have the latest security protection. 
  2. Turn on multi-factor authentication to increase the security of your accounts. 
  3. Set up and perform regular backups to copy and store critical information. 
  4. Recognise and report scams to protect your information and accounts from compromise. 
  5. Implement access controls to limit user access to only what is needed on devices. 
  6. Stay up to date on cyber security threats and trends with ACSC Alert Service

Need more assistance on cyber security for you and your team? 

Please get in touch with one of our team members for a free initial 30 minutes consultation to go through as many questions we can help you with.