• Current Related Scam Activity

    Be aware that just because you receive a scam call, that does not mean that the scammer has your data and knows you were impacted by the Optus Data Breach. Scammers will be randomly calling, emailing and messaging numbers knowing that many of these will reach individuals impacted by the Data Breach.

    myGov Impersonation Scam

    IDCARE is aware of a myGov impersonation text message scam requesting you to update your details.

    Don’t click on the link! Always contact organisations independently via verified means. Australian Government agencies will never send you a link to login pages via SMS or email. Emails with hyperlinks will only be sent to your myGov inbox, not your personal email account.

    If you clicked the link in an SMS or email, contact myGov immediately via:

    • myGov Scams and Identity Theft Help Desk - 1800 941 126 Monday to Friday 8am to 5pm AEST.
    • and refer to  https://www.servicesaustralia.gov.au/what-to-do-if-scam-has-affected-you?context=60271

    IDCARE also recommends logging in to your myGov account to check across all linked accounts:

    • your contact details, including email address and phone number, remain unchanged;
    • multi factor authentication is enabled;
    • your linked services, such as the ATO or Centrelink, remain unchanged. 
    • nbn Impersonation remote Access Scam

    nbn Impersonation Remote Access Scam

    IDCARE is aware of an NBN impersonation scam advising individuals of government mandates for all Optus clients. Scammers may:

    • Explain that there is a requirement for an upgrade from copper based to fibre optic cabling.
    • Advise you must download applications onto your device/s to initiate this process.
    • Ask that you pay a delivery fee for a new modem.
    • Seek to book you an appointment with a technician from the NBN.
    • Request access to your device/s and ask you to leave the room where the devices are located.

    If you receive an unsolicited call from the NBN requesting the above, hang up.

    You can find updates from NBN about what is happening at your address here:https://www.nbnco.com.au/residential

  • Reducing the risks

    If you are concerned about your identity being misused, there are some precautionary steps you may wish to take.

    • Precautionary Measures 

    • You may see an increase in targeted phishing attempts via email, text messaging or telephone calls, where the scammer uses details specific to you. Never click on links in emails or text messages, no matter how legitimate they appear. Do not be pressured to respond, whether it is by email, text message or telephone. Instead, contact the organisation sending the message directly using contact details you know to be correct.

      Protect your accounts with multifactor authentication, including financial, government, email, and social media accounts.

      Use unique and strong passwords.

      Contact your telecommunications provider/s (other than Optus), utilities providers, superannuation and financial organisations and request additional security is placed on your account.

      Install antivirus on your devices.  This will not prevent all phishing attempts or links to fraudulent websites, but will reduce the risks. You will still need to remain vigilant.

      It is always a good idea to regularly review your account details and security settings for any online accounts.  Check that your contact details are correct, and changes have not been made to any linked bank accounts or other services.

    • Free Credit Reports 

    • Get your free credit reports

      • Your credit reports provide a means to assess whether someone has attempted to obtain credit in your name. It is important to obtain your credit report from all three agencies as some may gather credit information others have missed. If you have credentials, including addresses, for both New Zealand and Australia, then you should check your credit reports for both countries.
      • In Australia, you can obtain a free credit report every three months, or more often if you have been refused credit within the last 90 days, or your credit-related personal information has been corrected. To apply for your credit reports from Equifax, illion and Experian, please see IDCARE’s Fact Sheet on Credit Reports Australia.
      • In New Zealand, there are no limitations to how frequently you can request your free credit reports.  To apply for your credit reports from Equifax, illion and Centrix, please see IDCARE’s Fact Sheet on Credit Reports New Zealand.
    • Credit Bans 

    •  

      Apply for a Credit Ban with Equifax, illion and Experian (Australia)

      We recommend applying for Credit Bans with all three Australian Credit Reporting Agencies.

      • Equifax
      • illion
      • Experian

      Note that you can arrange a ban across all three Credit Reporting Agencies through one application with one of the individual agencies. You can find out more in IDCARE’s Fact Sheet on Credit Bans Australia.

      A credit ban “freezes” access to your credit file, meaning that the Credit Reporting Agency is not able to disclose any personal information from your file to credit providers without your written consent, or if they are required to do so by law.

       

       

      A ban on your credit file does not impact your current credit line or credit payments unless credit is due for renewal (e.g. credit card about to expire). You will still be able to use any credit cards you currently hold and repay any existing loans. 

      However, you will not be able to apply for credit while the ban is in place unless you arrange with the credit provider to temporarily lift the ban.

      To temporarily lift the ban in Australia

      • Experian - complete the online ban lift request form
      • Equifax - call 13 83 32
      • illion - call 1300 734 806 or email pac.austral@illion.com.au

       

      Apply for a Suppression with Equifax, illion and Centrix (New Zealand)

      If you have New Zealand credentials or have a credit history in New Zealand, we recommend applying for credit suppressions with all three New Zealand Credit Reporting Agencies.

      • Equifax
      • illion
      • Centrix

      Note that you can arrange a suppression across all three Credit Reporting Agencies through one application with one of the individual agencies.  You can find out more in IDCARE's Fact Sheet on Credit Suppressions New Zealand.

      A credit suppression “freezes” access to your credit file, meaning that the Credit Reporting Agency is not able to disclose any personal information from your file to credit providers without your written consent, or if they are required to do so by law.

      A suppression on your credit file does not impact your current credit line or credit payments unless credit is due for renewal (e.g. credit card about to expire). You will still be able to use any credit cards you currently hold and repay any existing loans. 

      However, you will not be able to apply for credit while the ban is in place unless you arrange with the credit provider to temporarily lift the ban.

      To temporarily lift the ban in New Zealand

      ·         Equifax – call 0800 698 332

      ·         Centrix – call 0800 236 874

      ·         illion – use the same form as your credit suppression request, but select ‘release request’

    •  

    • Response Recommendations by Credentials

      IDCARE has formed response recommendations relating to the credentials exposed as a result of the Optus Data Breach.

    • Full Name and Date of Birth 

    • Potential Risks

      Individually, these are both low risk identity attributes, however in combination with other attributes (such as address and phone number) scammers engaging you may appear more legitimate.

       

      Recommendations

      You may see an increase in targeted phishing attempts via email, text messaging or telephone calls, where the scammer uses details specific to you (such as your name and date of birth for “verification”). Never click on links in emails or text messages, no matter how legitimate they appear. Do not be pressured to respond, whether it is by email, text message or telephone. Instead, contact the organisation sending the message directly using contact details you know to be correct.

      Keep being scam vigilant and stay across the latest scams by regularly visiting idcare.org, connecting with our social media, and subscribing to our free online newsletter Cyber Sushi. Another great resource is Scamwatch that collate a wealth of scam information and provide alerting services to our community.

    • Email Address 

    • Potential Risks

      You may see an increase in email phishing attempts, particularly from scammers claiming to be from Optus. These emails may include malicious attachments, links to fake websites or may download malware onto your device. They may encourage you to update or verify your details or to access a reimbursement via a link. IDCARE has already received reports from individuals who have received phishing emails purporting to be from Optus.

      There is also the risk that your email address may be “spoofed” so that it appears to the recipients that the email came from you. If you used a business email to engage with Optus (eg. johnsmith@businessname.com), there is the potential for a scammer to spoof that email address, and attempt to engage with the business to change your personal details, such as your bank account details for your pay.

       

      Recommendations

      Keep being super vigilant about scams and phishing emails. Having a little bit of information exposed (such as your full name, date of birth, email address or phone number) can make the job of scammers much easier when convincing people about their deception.

      Beware of phishing emails, including those asking to update billing details, pay invoices or apply for reimbursements.

      Never click on links in unsolicited or unexpected emails, no matter how legitimate they appear.

      Do not be pressured to respond to emails. Instead, contact the organisation directly using contact details you know to be correct.

      Use an up-to-date antivirus application that includes email protection and scanning.

      Advise your place of employment that you have been affected by the Optus data breach, and that you would like additional security measures to be put in place before any changes are made to your personal details (including email, address, phone number, banking and superannuation details).

    • Phone Number 

    • Attribute

      This could be your mobile or a landline/home phone number (Optus should have details on the exact number/s exposed).

       

      Potential Risks

      The exposure of a phone number can leave you open to being targeted by spam or scam phone calls.

      These can appear to be from legitimate phone numbers with local area codes.

      They often claim to be an authority or organisation, such as the police, a telecommunication company or a government entity.

      The scam-caller may frame the call with a sense of urgency, either in order to avoid a penalty (such as a payment or fine) or to receive a reward (such as a discount).

      IDCARE clients have reported receiving calls claiming to be from Optus offering discounts due to the data breach, and requesting additional information about the individual’s driver licence (including the card number).

      IDCARE has also received reports from clients who provided remote access to their devices following calls claiming to be from a cybersecurity centre. They were advised that remote access was necessary due to their information being exposed through the Optus data breach.

      Scammers may also send fraudulent SMS messages to the phone number. These may impersonate a legitimate organisation and include a link to a malicious download or scam website.

       

      Recommendations

      Keep being super vigilant about scams, particularly telephone and SMS scams. Having a little bit of information exposed (such as your full name, address, date of birth, or phone number) can make the job of scammers much easier when convincing people about their deception.

      Do not feel pressured to respond to a call or text message. If you think a call may be legitimate, hang up and call the organisation back using details that you know are correct.  Do not accept that it is the real organisation because the Caller ID shows their correct number or name – these can be “spoofed” or masked to appear to be teal.

      Do not download apps or software (such as AnyDesk or TeamViewer), follow technology instructions, or allow remote access to your device to someone who has called you.

      Do not click on links in text messages. Instead, contact the organisation using details you know are correct.

    • Physical Address 

    • Attribute

      The physical address will be the one associated with your Optus account.

       

      Potential Risks

      For most individuals, physical addresses are considered low risk identity attributes. However, in combination with other attributes (such as your full name, date of birth, email address and phone number) scammers engaging you via email, SMS or telephone may appear more legitimate.

      Reports made to IDCARE of cyber criminals physically attending the address are very low. 

      You may have additional concerns regarding the exposure of your address if you are a survivor of domestic violence, due to your employment, or for other reasons. If you are in immediate danger, contact the police (in Australia call 000, in New Zealand call 111).

      If you are considering increasing your security, be sure to engage a recognised member of the Australian Security Industry Association Limited (ASIAL) or the New Zealand Security Association (NZSA).

       

      Recommendations

      You may see an increase in targeted phishing attempts via email, text messaging or telephone calls, where the scammer uses details specific to you, such as your full name, date of birth and address.

      Do not interact with or engage with callers or emails claiming legitimacy because they know your address.

      Never click on links in emails or text messages, no matter how legitimate they appear.

      Do not be pressured to respond, whether it is by email, text message or by telephone. Instead, contact the organisation directly using contact details you know to be correct.

    • Medicare Number 

    • Attribute

      For some individuals, this data breach event included the Medicare number used when creating their Optus account.

       

      Risks

      Your Medicare card number may be used as a form of identity verification in order to create accounts in your name, including financial accounts.

      Services Australia has advised that your Medicare account cannot be accessed with only your Medicare card number.

      Your Medicare card number in combination with full contact details, driver licence and/or passport number can place you at higher risk of misuse, such as access to or creation of financial/credit/loan accounts.

       

      Recommendations

      Before requesting a new Medicare card, confirm with Optus that your Medicare card number was compromised.

      If you’re concerned or you’ve been affected, visit Services Australia’s website for ‘what to do if you’ve been affected by the recent Optus data breach’. If you need further assistance, please call Medicare on 132 011.

      Please note that Services Australia is currently advising that your Medicare card needs only to be replaced. The new card will have the same number, except for the final digit. This can be done online following the advice in the link above. 

      IDCARE recommends that if you believe that the exposure of your Medicare card number presents a broader risk to other accounts (such as financial accounts), then you may wish to apply for a completely new card number using the Services Australia MS011 form. More information on this process can be found online at Services Australia. When completing the form, you will need to select “transfer to a new card”, and have everybody who is listed on your current Medicare card complete their details if they also wish to transfer to a new card number.

      myGov Impersonation Scam

      IDCARE is aware of a myGov impersonation text message scam requesting you to update your details.

      Don’t click on the link! Always contact organisations independently via verified means. Australian Government agencies will never send you a link to login pages via SMS or email. Emails with hyperlinks will only be sent to your myGov inbox, not your personal email account.

      If you clicked the link in an SMS or email, contact myGov immediately via:

      • myGov Scams and Identity Theft Help Desk - 1800 941 126 Monday to Friday 8am to 5pm AEST.
      • and refer to https://www.servicesaustralia.gov.au/what-to-do-if-scam-has-affected-you?context=60271

      IDCARE also recommends logging in to your myGov account to check across all linked accounts:

      • your contact details, including email address and phone number, remain unchanged;
      • multi factor authentication is enabled;
      • your linked services, such as the ATO or Centrelink, remain unchanged. 
    • Passport Number 

    • Attribute

      For some individuals the data breach event included the passport number used when creating their Optus account.

       

      Potential Risks

      The exposure of a Passport number can leave you open to SIM (Subscriber Identity Module) swaps.

      Unauthorised access to financial accounts can occur where the Passport number is used as a form of verification.

      New financial accounts (debit accounts, credit cards, personal loans) can be created and this can extend to By-Now-Pay-Later (BNPL) products.

      When a scammer has your Passport details, they can create social media accounts in your name and take over existing accounts. They may also establish new utility accounts and apply for rental properties. 

       

      Recommendations

    • Australia

      On 30 September, the Prime Minister of Australia confirmed that Optus will cover costs for affected customers wishing to receive a new passport due to the breach.

      The Australian Passports Office is working with Optus to finalise these arrangements.

      Customers who choose to replace their passports can call the Australian Passport Office on 131 232.

      As this information is being updated daily, please check the Australian Passport Office website to confirm advice and follow any updates here.

    • New Zealand

      There is currently no information about whether Optus will cover the costs for the replacement of non-Australian passports.

      For holders of New Zealand passports, the Department of Internal Affairs (DIA) can place a flag on your passport which will alert DIA if an application is made to replace or renew your passport. DIA call centre staff have been unable to confirm with IDCARE if the impacted individual will also be notified of a renewal or replacement attempt.

      According to the DIA, a flag on your passport will not prevent:

      • your passport being used for travel, or
      • someone from using your passport for credit applications or identification purposes unrelated to international travel

      However, a flag may delay processing of your own application for a replacement or renewal passport. 

      To place a flag, contact DIA online or call 0800 225050.

      If you choose to replace your passport, you can apply for a new passport online. This will automatically cancel your current passport, but an application fee will apply.

    • Other

      There is currently no information about whether Optus will cover the costs for the replacement of non-Australian passports.

      If you are not in your home country, contact your embassy or consulate to discuss the process of replacing your passport.  You can find your nearest embassy or consulate in Australia or New Zealand.

      If you are in your home country, contact the government organisation responsible for issuing passports to request further information regarding replacing your passport.

      Please be advised that your visa or other immigration documents will have been issued using your current passport number.  In Australia, you can update your passport details with the Department of Home Affairs. In New Zealand, you can follow the process to transfer your visa to your new passport through Immigration New Zealand.

    • Driver Licence Number 

    • Attribute:

      For some individuals the data breach event included the driver licence number used when creating their Optus account.

       

      Potential Risks:

      The exposure of a Driver Licence number can leave you open to SIM (Subscriber Identity Module) swaps.

      Unauthorised access to financial accounts can occur where the Driver Licence is used as a form of verification.

      New financial accounts (debit accounts, credit cards, personal loans) can be created and this can extend to By-Now-Pay-Later (BNPL) products.

      When a scammer has your Driver Licence details they can create Social media accounts in your name and takeover existing accounts.

      Services Australia have advised that your myGov account cannot be accessed with only your driver licence number and details. 

      IDCARE advises that your driver licence number in combination with full contact details can place your identity at higher risk of misuse. This could occur through criminal activity such as:

      • attempting access to accounts via impersonation
      • account access facilitated by SIM Swap
      • changing details to your online accounts
      • establishing new utility accounts and
      • applying for rental properties in your name.

       

      Recommendations:

      The States and Territory driver licence issuers have updated the processes and costs for the reissue of drivers licences for those impacted by the Optus data breach.

      Check your relevant State and Territory issuer for most recent advice:

      View advice for ACT here

      View advice for NSW here

      View advice for QLD here

      View advice for SA here

      View advice for TAS here

      View advice for WA here

      View advice for VIC here

      View advice for NT here

       

       

    • State Proof of Identity Cards 

    • Attribute

      For some individuals, this data breach event included the Proof of Age number used when creating their Optus account.

       

      Risk

      The exposure of a Proof of Age number can leave you open to an unauthorised SIM Swap.

      Unauthorised access to financial accounts can occur where the Proof of Age is used as a form of verification.

      New financial accounts (debit accounts, credit cards, personal loans) can be created and this can extend to By-Now-Pay-Later (BNPL) products.

      Services Australia have advised that your MyGov account cannot be accessed with only your Proof of Age number or card details.

       IDCARE advises that your Proof of Age number in combination with full contact details can place your identity at higher risk of misuse. This could occur through criminal activity such as:

      • attempting access to accounts via impersonation
      • changing details to your online accounts
      • establishing new utility accounts and
      • applying for rental properties in your name.

       

       

    • ACT Proof of Identity Card 

      Replacing your ACT Proof of Identity Card may not reduce the risk of your previous card being misused as a form of identity.  IDCARE advises that you continue to monitor for misuse by following the “Detect” measures provided at the beginning of this email. Also, request additional security for your existing accounts that may use your Proof of Identity Card as part of verifying your identity.  This could include, but is not limited to, banking and finance accounts, superannuation, Commonwealth Government services (such as myGov), telecommunications and utilities providers, and social media accounts. 
         
      Unlike most Australian states, Proof of Identity card customer reference numbers cannot be changed in the ACT, and will be the same as your current or future ACT driver licence number.  

    • QLD Photo Identification Card 
       
      Replacing your QLD Photo ID Card, with or without a change of Customer Reference Number, may not reduce the risk of your previous card or number being misused as a form of identity. IDCARE advises that you continue to monitor for misuse by following the “Detect” measures provided at the beginning of this email. Also, request additional security for your existing accounts that may use your QLD Photo ID Card as part of verifying your identity.  This could include, but is not limited to, banking and finance accounts, superannuation, Commonwealth Government services (such as myGov), telecommunications and utilities providers, and social media accounts. 
       
      You can apply for a new Customer Reference Number (the number on your Photo ID card) if you can provide evidence that your current number has been fraudulently used by another individual. Please note, that the Customer Reference Number on a Queensland Photo ID card is the same as the number on your current or future Queensland Driver Licence number. You do not need to request a change of Customer Reference Number for both your driver licence and your QLD Photo ID card, but make sure that when you submit your application, you inform Transport and Main Roads if you hold both credentials.  
       
      To request a change of Customer Reference Number: 

      You will need to provide evidence of misuse which could include: 

      • A letter from the Queensland Police stating that your QLD Photo ID card has been misused. 
      • A ReportCyber receipt (CIRS) number, if the compromise or misuse of your QLD Photo Identification Card occurred online 
      • Written confirmation of fraudulent activity on the company letterhead of a service provider 
      • A Queensland Statutory Declaration detailing what has happened and how your Proof of Identification CRN remains at risk, and signed by a Justice of the Peace or Commissioner for Declarations

      Submit these in person to your nearest Transport and Main Roads Service Centre. 

    • NSW Photo Card 

      Replacing your NSW Photo Card may not reduce the risk of your previous card or number being misused as form of identity. IDCARE advises that you continue to monitor for misuse by following the “Detect” measures provided at the beginning of this email. Also, request additional security for your existing accounts that may use your NSW Photo Card as part of verifying your identity.  This could include, but is not limited to, banking and finance accounts, superannuation, Commonwealth Government services (such as myGov), telecommunications and utilities providers, and social media accounts. 
       
       A replacement card will have both a new card number and stock number, but the expiry date will remain unchanged.  

      1. Replacement cards can be ordered online, unless you have changed your address within the last 14 days or you have already ordered a replacement card within the last 12 months. 
      2. Visit a NSW Service Centre if you would prefer or need to order you replacement card in person. You will need to bring proof of identity and a completed Photo Card Application form. 
      3. Pay the $14 replacement fee.  
      4. Your replacement card will arrive by post, so make sure your letterbox is secure.  If you haven’t received the card within 10 days, contact Service NSW on 13 22 13. 

    • NT Evidence of Age Card 

      Replacing your NT Evidence of Age Card may not reduce the risk of your previous card or number being misused as form of identity.  IDCARE advises that you continue to monitor for misuse by following the “Detect” measures provided at the beginning of this email. Also, request additional security for your existing accounts that may use your Evidence of Age Card as part of verifying your identity.  This could include, but is not limited to, banking and finance accounts, superannuation, Commonwealth Government services (such as myGov), telecommunications and utilities providers, and social media accounts. 
        
      A replacement Evidence of Age card will have a new card number and expiry date. The process for replacing the card depends on when your last photo was taken by the Motor Vehicle Registry (MVR).  
       

      1. Fill in the application for evidence of age card form. 
      2. If your last photo taken by the MVR is over 5 years old, you will need to apply for a replacement card in person at the Motor Vehicle Registry, have your photo taken at the office and pay the $28 replacement fee. 
      3. If your most recent photo with the MVR was taken within five years, you can choose to request a new card by mail or email. In this case, pay the $28 replacement fee by cheque or money order, or by calling the MVR on 1300 654 628 after they have received your application to pay by MasterCard or Visa. Submit your completed application to mvr@nt.gov.au or by mail to: 
         
        Motor Vehicle Registry 
        GPO Box 530 
        Darwin NT 0801 

    • SA Proof of Age Card 

      Replacing your SA Proof of Age Card, with or without a change of client number, may not reduce the risk of your previous card or number being misused as a form of identity.  IDCARE advises that you continue to monitor for misuse by following the “Detect” measures provided at the beginning of this email.  Also, request additional security for your existing accounts that may use your Proof of Age Card as part of verifying your identity.  This could include, but is not limited to, banking and finance accounts, superannuation, Commonwealth Government services (such as myGov), telecommunications and utilities providers, and social media accounts. 
       
      A replacement Proof of Age card will have the same client number as your previous card, however the manufacture audit number on the back of the card will be different. Please note that your Proof of Age client number is the same as your current or future driver licence number.  
       
      Service SA has advised IDCARE that if you have been informed that your Proof of Age card was exposed in the Optus data breach, you can request a new client number using the same process as applying for a new driver licence number. You can find more information at Service SA - Optus Data Breach.

    • Tasmania Personal Identification Card 

      Replacing your Tasmanian Personal Identification Card may not reduce the risk of your previous card or number being misused as form of identity.  IDCARE advises that you continue to monitor for misuse by following the “Detect” measures provided at the beginning of this email. Also, request additional security for your existing accounts that may use your Personal Identification Card as part of verifying your identity.  This could include, but is not limited to, banking and finance accounts, superannuation, Commonwealth Government services (such as myGov), telecommunications and utilities providers, and social media accounts. 
        
      To replace your Personal Identification Card, you will need to follow the same process as when you first applied. Your new card will have a different number to the one you are replacing. 

      1. You must apply for the new card in person at a Service Tasmania Centre.  
      2. Complete the Application for a Personal Information Card form, making sure that you have the required Evidence of Identity documents as listed on the form.  
      3. Pay the $29 application fee. 
      4. Your new card will be posted to you within 10 business days, so make sure that your letterbox is secure.  If your card does not arrive, contact Service Tasmania on 1300 13 55 13 

    • Victorian Proof of Age Card 

      Replacing your Victorian Proof of Age Card, with or without a change in card number, may not reduce the risk of your previous card or number being misused as a form of identity.  IDCARE advises that you continue to monitor for misuse by following the “Detect” measures provided at the beginning of this email. Also, request additional security for your existing accounts that may use your Proof of Age Card as part of verifying your identity.  This could include, but is not limited to, banking and finance accounts, superannuation, Commonwealth Government services (such as myGov), telecommunications and utilities providers, and social media accounts. 

      1. If the card was issued in the last three months and no details have changed, you can request a replacement card by emailing contact@vgccc.vic.gov.au. Include your full legal name, date of birth, residential address and the reason you are requesting a replacement card. Upon receipt of your request, the VGCCC will contact you regarding how to pay the $25 replacement fee. This card will have the same number as your original proof of age card.
      2. If the card is older than three months you will need to apply for a new card, which costs $10. This card will have a new number. In addition, email contact@vgccc.vic.gov.au with your full legal name, date of birth and residential address to advise them of a lost or stolen proof of age card.
      3. Your card will be posted to you, usually between 20-25 business days from when you submit your application, but sometimes in as little as 10 business days. Make sure your letterbox is secure, and if you are concerned that your card has not arrived contact the VGCCC via email or call 1300 182 457. 

    • WA Photo Card 

      Replacing your WA Photo Card may not reduce the risk of your previous card or number being misused as form of identity.  IDCARE advises that you continue to monitor for misuse by following the “Detect” measures provided at the beginning of this email. Also, request additional security for your existing accounts that may use your WA Photo Card as part of verifying your identity.  This could include, but is not limited to, banking and finance accounts, superannuation, Commonwealth Government services (such as myGov), telecommunications and utilities providers, and social media accounts. 
       
      Your replacement card will have the same client number and expiry date as your original card. Please note that your WA Photo Card has the same number as any previously held, current or future WA driver licence. If your driver licence was also exposed due to the Optus data breach, IDCARE recommends following the steps to replace the driver licence first.

      To replace your WA Photo ID:

      1. You must apply for a replacement card in person at a Driver and Vehicle Services Centre. You will need to bring proof of identity documents and complete a Photo Card Application PC1. 
      2. Pay the replacement fee of $30.90 (IDCARE currently has no information about whether this cost will be covered by Optus). 
      3. Your replacement card will be mailed to you within 14 days of your application, so make sure that your letterbox is secure. If your card does not arrive, contact the Department of Transport on 13 11 56. 
    • Australian Business Number (ABN) / Australian Company Number  

    • For some individuals, this data breach event included the Australian Business Number or Australian Company Number used when creating their Optus account.

      Risk

      As ABNs and ACNs are publicly available information, additional risk to you from the Optus data breach is low.

      However, IDCARE has received reports of cancelled ABNs being fraudulently reactivated and registered for GST. These instances have occurred both before and after the Optus data breach notification, but the risk may have increased due to the information exposed.

      Recommendation

      You can check the status of your ABN on the free public Australian Business Register ABN Lookup. You can also login to your Australian Taxation Office (ATO) account, select My profile from the Menu, and then Personal details.

      If you see that your ABN has been reactivated, or that there is an ABN listed that you did not apply for, contact the ATO Client Identity Support Centre on 1800 467 033 between 8am and 6pm AEST (Monday to Friday).  As well as correcting the status of your ABN, enquire about any additional security that can be placed on your account and consider enrolling your voice on their system.

      For all holders of ABNs and ACNs, regardless of its status, you can also check whether Australian websites are using your ABN/ACN details by completing a Registry Search Request Form with auDA.

    • Should be Empty: