OAIC statement on Optus data breach

22 September 2022

The OAIC has been contacted by Optus and made aware of their data breach.

The OAIC will engage with Optus to ensure compliance with the requirements of the Notifiable Data Breaches (NDB) scheme in accordance with our usual process.

Under the NDB scheme, organisations covered by the Privacy Act 1988 must notify affected individuals and the OAIC as quickly as possible if they experience a data breach that is likely to result in serious harm to individuals whose personal information is involved.

The NDB scheme ensures individuals are informed and can take steps to protect themselves from any further risk. Following a breach, individuals need to be alert to any suspicious or unexpected activity on their personal accounts or devices.

Under the Privacy Act, organisations have obligations to protect against unauthorised access, unauthorised disclosure or loss of personal information. When a breach occurs, an organisation should contain the breach and take remedial action.

Further information on how organisations should respond to breaches is available on the OAIC website as well as advice for individuals.

Scamwatch provides further resources. Individuals are advised to check the Optus website for information and contact Optus via the My Optus App or call 133 937.