‘Last thing I need’: Optus customer scrambles to protect from breach

While a sample of the data has been posted online for potential buyers to verify and there are signs it may be legitimate, Optus has not confirmed if the data is from this breach.

But Mr McShane is not taking any chances.

Having bought land and started building a house in western Sydney in 2020, he says the threat of fraud and identity theft is the “last thing I need”.

“I’m going to have to cancel the credit card I have now, order a new one, and I’m going to have to keep a close eye on my bank account,” Mr McShane says of the steps he is taking to reduce the risk.

He believes the way Optus communicated about the breach – announcing it through the media before going to customers – was unacceptable, and says Optus executives should resign for allowing the breach to happen at all.

“They can send out mass text messages. Optus should have done that straight away to let those who have been the worst affected,” Mr McShane says.

Optus says it decided to alert the media first because it believed this was the fastest and most effective way to communicate the message with its millions of customers.

On Monday morning, Optus said it had “now sent email or SMS messages to all customers whose ID document numbers, such as licence or passport number, were compromised because of the cyberattack”.

“We continue to reach out to customers who have had other details, such as their email address, illegally accessed. We understand and apologise for the concern that this has caused for our customers,” Optus said.

The Financial Review understands the company is also preparing to pay for subscriptions to credit monitoring services like Equifax for affected users, with an announcement expected later on Monday.