Are my bank accounts safe? How to know if you’ve been affected by the Optus or Medibank data breach

Locked smartphone on yellow.
Photo by Franck Do on Unsplash.

On 22 September 2022, Optus announced the personal data of up to 9.8 million Australian customers has been breached in a cyber attack. Since then, national banks have been on high-alert monitoring accounts for suspicious or fraudulent activity, and we've had another massive data breach with Medibank, where a reported 5.1 million customers had their details exposed.

Here’s how to know if you’ve been affected by the Optus or Medibank breach, and what you can do to keep your bank accounts safe.

What happened during the Optus data breach?

Cartoon hand slots a key into a keyhole, like how hackers broke into Optus.

While we don’t know the specific details of how or why the attack happened, Optus notified the public on 22 September that a cyber attack on its systems was detected and stopped. 

The “sophisticated” breach targeted Optus customer data and potentially affects up to 9.8 million Australians. The stolen data includes:

  • Names
  • Birth dates
  • Email addresses
  • Mobile numbers.

Additionally, a smaller subset of customers had their official ID numbers stolen, which includes passports, driver’s licences, and Medicare cards. This can leave them vulnerable to identity theft; attackers could theoretically pose as them and apply for credit cards, loans, and other forms of debt in their name. 

However, Optus stresses the following data has not been breached: 

  • Messages (SMS and MMS).
  • Voice calls.
  • Account billing and payment details.
  • Account passwords.

As such, there is no need to change your credit card or direct debit details on your Optus account just yet. We’ll explain more about how the breach may affect your bank account below.

Additionally, customers with mobile plans from GOMO may have had their data compromised since this carrier piggybacks off Optus’s network. Customers on other Optus MVNOs like Coles Mobile, Catch Mobile, and amaysim have not been affected, according to Optus.

What happened during the Medibank data breach?

Collage of a woman checking her details on her computer after a data breach.

On 12 October, Medibank reports it detected suspicious activity on its systems. While early reports suggested no data had been taken, an authentic ransom notice for customer data soon proved the incident was worse than the provider supposed.

Since then, Medibank announced cyber criminals did indeed access and view customer data, which may have been stolen by the hackers. Breached data points include the following:

  • Name
    Date of birth
    Address
    Phone number
    Email address

In addition, the health claims data for roughly 160,000 Mediabnk customers has been compromised, including:

  • Service provider name and location
    Medical service locations
    Codes associated with diagnoses and procedures

The leak applies to up to 5.1 million current and former Medibank customers.

Data that was not accessed includes:

  • Payment details (include credit/debit cards)
    Drivers licenses
    Medicare card numbers
    Health claims data for extras services, like dental, physio, optical, and psychological appointment. 

This means there is no need to change your payment details with Medibank.

Up to 2.8 million ahm and 1.8 million international customers may have been implicated in the attack, too, with the criminals accessing data such as names, DOB, addresses, phone numbers, and email addresses, as well as:

  • ahm Medicare numbers (without expiry dates)
    International customers passport and visa details
    Health claim details for 300,000 ahm and 20,000 international customers
    Health provider details like name, provider number, and practice addresses.

Around 5,200 My Home Hospital (MHH) customers have had some data leaked, as well, such as personal and health claims data. Roughly 2,900 had their next of kin contact details were viewed, too. 

How do I know if I’ve been affected by the Optus or Medibank data breach?

Collage of a man shouting how know if you've been affected by the data breach.

Both Optus and Medibank have been notifying affected customers via text, email, and post. 

If you are a current or former Optus customer and haven’t yet been contacted about the breach, you can reach out safely via the My Optus app or by calling 133 937. 

If you are a current or former Medibank customer and haven't yet been contact about the breach, you can reach out safely to the provider by calling 132 331 or visiting the Medibank cyber incident hub, where Medibank has collected details of further support services. 

Optus and Medibank have both explicitly stated they will not send links in official communications about the attack. Scammers will often pose as the government or companies in the fallout of a data breach, asking you to confirm your personal details to check if they’ve been compromised. Be wary of suspicious and out-of-the-blue communications, and never give out personal details online or over the phone.

For more detailed information on how to clock potential scams, head over to the ACCC’s Scamwatch.

How to keep your bank accounts safe after a data breach

Collage of a person scanning a credit card in cyberspace.

While bank account passwords and payment methods were not lost in the Optus and Medibank data breaches, email addresses, names, and phone numbers were. Scammers could use this information to either:

  • Hack into your private accounts.
  • Steal your identity.
  • Spam you with fraudulent emails, texts, calls, or social media messages. 

Australian banks are on high alert right now watching for fraudulent or suspicious activity. But if you’ve been affected by the attack, there are still a few simple steps you can take to protect yourself and your finances.

Firstly, change old passwords and enable multi-factor authentication (sometimes called two-factor authentication). If you’re worried about using your compromised phone number as a backup, apps like Google Authenticator make effective substitutes. 

Secondly, apply for a free credit report to check if anyone could be running up debt in your name. If you notice fraudulent transactions, let your banking provider know ASAP so they can cancel the cards and stop the transactions. If your identity has been stolen, follow this checklist from the Australian government to recover and reestablish your identity.

Thirdly, get in touch with resources like IDCare, the official cybersecurity and identity support service of Australia and New Zealand. If you complete IDCare’s free Get Help form, a case worker will get in contact with you to offer personalised action plans and support. 

Finally, monitor your accounts and be wary of scammers. After the data breach, millions of Australians will be feeling confused and vulnerable – which makes them perfect targets for scammers. Never click on suspicious links, keep an eye on your accounts, and if it sounds too good to be true, it usually is. 

Looking for a safe place to park your money? Browse and compare savings accounts below.

Compare bank accounts - last updated 21 May 2024

Search promoted bank accounts below or do a full Mozo database search. Advertiser disclosure
  • Everyday Global Account

    $0.00

    Apple Pay, Google Wallet

    0% p.a.

    No overseas ATM fees & up to 10 currencies in one account. Switch between currencies instantly 24/7 wherever you are using the mobile app. Receive 2% Cashback on eligible tap and pay transactions under $100. Mozo's Experts Choice 2024 winner for Exceptional Everyday Account.^

    Compare
    Details
  • Everyday Options

    $0.00

    Apple Pay, Google Wallet, PayID

    0.01% p.a.

    An easy, everyday banking account packed with flexible options to help you spend, budget & save better. $0 monthly account keeping fees & option to add up to 9 sub-accounts.

    Compare
    Details
  • Spend Account

    $0.00

    Apple Pay, Google Wallet, PayID, Samsung Pay, Fitbit Pay, Garmin Pay

    0% p.a.

    No monthly fees and no charges for overseas or online payments from ubank. Stay one step ahead with ubank’s spending insights and bill prediction. Apple Pay and Google Pay compatible. Deposits guaranteed up to $250K per customer.

    Compare
    Details
  • Glide Account

    $0.00

    Apple Pay, Google Wallet, PayID, Samsung Pay, FitBit Pay, Garmin

    0% p.a.

    Unlimited free internet transactions. Super fast transfers & use Apple Pay, Google Pay and Samsung Pay. No account keeping fees. Access Any Major Bank & MyState Bank ATM Fee-Free.

    Compare
    Details

^See information about the Mozo Experts Choice Bank Account Awards

Mozo provides general product information. We don't consider your personal objectives, financial situation or needs and we aren't recommending any specific product to you. You should make your own decision after reading the PDS or offer documentation, or seeking independent advice.

While we pride ourselves on covering a wide range of products, we don't cover every product in the market. If you decide to apply for a product through our website, you will be dealing directly with the provider of that product and not with Mozo.