Finder makes money from featured partners, but editorial opinions are our own.

Optus cyber attack: Steps to take for new and existing customers (UPDATED)


Personal data of potentially millions of Optus customers may have been compromised in a massive data breach.

Update 28 September

Optus has stated that it has now contacted all customers whose data was exposed as part of the cyberattack. It will continue to reach out to the most affected former and current customers and offer a free 12-month subscription to Equifax - a credit monitoring and identity protection service. The state governments are also working to ensure impacted customers can get their drivers' licenses changed and be reimbursed by Optus. So far, the NSW government has said "Optus will absolutely foot the bill".

Important: Optus is NOT sending links in these SMS or emails. Customers are advised to not click on any links if they recieve an email or text from a source claiming to be from Optus.

Optus, Australia's second-largest telco, suffered a cyber attack on 22 September. A portion of its 9.7 million customers have been impacted though the exact number is yet to be determined.

Here are the personal information that may have been exposed:

  • Customer names
  • Date of birth
  • Phone numbers
  • Email addresses

For some customers, a few other details may have been leaked:

  • Street addresses
  • Driving licence details
  • Passport numbers

Optus said payment details and account passwords were not compromised.

I'm an Optus customer. What should I do?

Optus will be contacting customers it believes are at heightened risk as priority over the next few days. It will then reach out to the others after.

If you are worried, you can contact Optus through the My Optus app or by calling 133 937. Optus said these are the safest ways to reach its customer support.

Here's a look at everything you need to know plus actions to take if you want to be extra vigilant:

  • Make all your accounts more secure by changing their online passwords and enabling multi-factor authentification, especially for banking.
  • Monitor bank accounts for any unusual activity and place limits.
  • Stay alert. Your personal information could be used to contact you via phone, email or text. Do not give away any personal or financial information or click on links you're unsure of. It's best to be as cautious as possible. When in doubt, contact Optus directly.
  • If you're really worried, you can request a change of your phone number.
  • You can also request a change of your driver's licence number.
  • Request a copy of your credit report for any unusual or incorrect debts.

I want to join Optus, but is it still a good idea?

If you plan to sign up with Optus, just make sure you're using strong passwords and practicing vigilance as you would with your finances.

Optus is working with the Australian Cyber Security Centre for advice and technical assistance along with other financial institutions.

"We are upset and devastated that this has happened but we want our customers to know we're doing everything to put their needs first," said Optus CEO Kelly Bayer Rosmarin at a media briefing.

"Optus wants to reaffirm that new customers' information will be safe and not in any way be connected to this attack.

"We immediately took action to block the attack which only targeted Optus customer data. Optus’ systems and services, including mobile and home internet, are not affected, and messages and voice calls have not been compromised. Optus services remain safe to use and operate as per normal."

What other providers can I sign up with in the meantime?

If you still you want access to the Optus network, you can sign up to one of its MVNOs until the Optus cyber attack blows over and you're comfortable signing up to one of its plans again.

These smaller providers use the Optus 4G network and offer the same amount of coverage as you would get with Optus itself.

Some options include the following:

You can to find a mobile plan with a data and price that best suits your needs.

How did the Optus cyber attack happen?

Optus's CEO said this cyber attack is the subject of criminal proceedings so they are not able to divulge any information.

It also explained that it had stored personal information documents of customers as it was the law and they had to be able to look back at their records for up to 6 years.

"We are taking full accountability for what's happened but it's safe to say this was a very sophisticated cyber attack and should serve as a warning to all organisations," said Rosmarin.

"We don't know who these attackers are and what they plan to do with this information but we need heightened vigilance across the board to help shut this down."

The Optus news comes just a few days after it was announced that Uber had been hit by a significant cyber attack. In this instance, sensitive user data remained proctected but internal production systems had been compromised.

We updated this story with new details on 28 September, explaining actions from Optus for impacted customers and reactions from the state governments regarding reimbursements for drivers licenses.

Compare mobile plans on Finder if you're looking to switch plans or providers.

Ask a Question

You are about to post a question on

  • Do not enter personal information (eg. surname, phone number, bank details) as your question will be made public
  • is a financial comparison and information service, not a bank or product provider
  • We cannot provide you with personal advice or recommendations
  • Your answer might already be waiting – check previous questions below to see if yours has already been asked

Finder only provides general advice and factual information, so consider your own circumstances, or seek advice before you decide to act on our content. By submitting a question, you're accepting our 1. Terms Of Service and 6. Finder Group Privacy & Cookies Policy.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Go to site