As Optus announced Monday the telco has commissioned Deloitte to conduct an independent external review of the company’s massive data breach, customers are still left grappling with how best to protect themselves from identity fraud.
The company announced last week they would be offering a 12-month subscription to Equifax Protect credit monitoring to all affected customers, who could expect to receive direct communications from Optus “over the coming days” on how to start their 12-month subscription.
An Optus spokesperson told Guardian Australia that “current and former customers that have had their ID number/s disclosed, in addition to other personal details such as name, phone number, date of birth and email, will be provided with the option to take up a 12 month subscription to Equifax Protect at no cost”.
“Equifax Protect is a credit monitoring and identity protection service that can help reduce the risk of identity theft. Equifax is taking all measures to deal with the scale and support Optus customers need, within a tight timeline,” a spokesperson said.
However, many customers have yet to receive any correspondence from the telco about the offer over a week after it was made.
Yo @Optus - Haven’t received any information about whether to change my licence or whether to subscribe to Equifax protect (received email that my data was compromised on 23.09) When is this info being sent to customers? Time (and identities) are precious! #OptusHack #optusbreach
— Mitch Doyle (@yabasicmitch) September 29, 2022
Others pointed out that the credit monitoring firm was itself subject to a data breach back in 2017.
What can I do to initiate credit monitoring?
Ryan O’Kell, the head of cybersecurity for Waterstons consultancy services, said Optus customers can directly contact the three main credit reporting bodies – Equifax, illion and Experian – to request a free copy of their consumer credit report every 90 days.
The Office of the Australian Information Commissioner has recommended people worried about identity fraud make the request to all three credit reporting bodies.
The difference between the free reporting services and the Equifax Protect subscription, which Optus is offering, is the level of protection. The latter includes dark web monitoring and identity theft insurance for up to $15,000 a year, in addition to monthly credit reports.
O’Kell said that a number of banks have been told what data was stolen from Optus, so they are also keeping an eye on these customers.
“You can get your score, it gives you an update anytime that changes,” Blackburn said. “You can view your credit report [and] you can see current accounts, credit inquiries, current credit providers, defaults, credit infringements, bankruptcy actions, court actions, commercial credit inquiries.”
She said there were a number of free sites that offered real-time monitoring, so customers did not necessarily have to request a formal credit report every three months.
What is a credit ban?
Scott Pape, better known as the Barefoot Investor, said he believes Optus customers should consider implementing a credit ban to protect themselves.
A credit ban prevents creditors from accessing your credit report as part of a credit check, which prevents someone else from being able to fraudulently take out credit in your name.
In an article for the Herald Sun, Pape compared credit monitoring to a security camera and a credit ban to a “big arse lock on your door that makes it impossible for the robber to get in your house”.
Pape’s suggestion for implementing the ban was to use the app from a division of the Commonwealth Bank, Credit Savvy.
He said Optus customers needed to simply download the app, verify details, press “protect” from the bottom navigation, and finally press “Request a ban”.
You can also request a credit ban from the three main credit monitoring agencies listed above. The ban will last for 21 days but you can request the ban period be extended. Extending it is free and there is no limit on the number of times that a ban period can be extended.
Blackburn said he believes Optus customers should consider the credit ban “especially if you see signs of identity theft”.
Blackburn said at the first sign of unusual activity, customers should contact the organisation involved and request a ban on their consumer credit information.
“That ban period flags you and your identity so that if any credit checks are made against you – so say, someone goes to Vodafone wants a new phone, they use your identity – what will happen is that when that credit check’s done, it’ll get flagged as potentially fraudulent,” Blackburn said.
“And the organisation is not likely to actually give you that credit, they’re more likely to actually flag it with the police.”