Today, this article from The Australian screamed,
Australia’s second largest telco Optus has suffered one of the most significant data breaches in Australian history, with the personal details of millions of customers stolen by hackers in a successful cyber attack.
About 2.8 million customers have had their personal details including drivers licence numbers, home addresses and dates of birth taken, while about 7 million have had their email addresses and phone numbers stolen.
The personal details that were stolen can be used for identity theft. In Australia, businesses use Document Verification Service (DVS) to verify your identity when you sign up for an account. If a hacker already knows the details of your driver’s license, they can fool the DVS into thinking he is you.
There is another disturbing detail in the article:
The breach affects both current and former Optus customers.
You may still be affected if you were once an Optus customer and had submitted your identity documents to them.
There is a little bit of good news though,
… while personal information was exposed, payment detail and account passwords have not been compromised.
Assuming that this information is correct, you will be safe from credential stuffing attacks if you have re-used your Optus account password elsewhere. But this should not be an excuse to reuse your passwords.
Those who have their personal details stolen can expect calls from scammers who know a lot about them.