NewsBite

Shock as Optus agents expose other customers’ details in support chat

Optus customers have been shocked after having other people’s personal details sent to them by telco workers after they reached out for help.


Customers have received more information than they bargained for when reaching out to Optus for help. Unfortunately, it was not their own data that they were sent.

The telco’s online chat feature has been overloaded with concerned customers trying to figure out if their personal data was compromised in the cyber attack.

Customers have been left horrified after being mistakenly sent other people’s personal details by Optus representatives while seeking information following the security breach.

One customer, who did not wish to be named, revealed he was wrongly sent another Optus customer’s email address and phone number through the telco’s live chat feature.

The man reached out to Optus on Monday to ask what Optus planned on doing to compensate customers impacted by the breach, and to get access to Equifax Protect, the credit monitoring service Optus said it would provide to some affected customers.

He was shocked when the representative he was speaking with sent through someone else’s personal details and asked if he could confirm if they were correct.

“Despite being fully authenticated in the app and chat session, the agent sends through another customer’s email address and phone asking if they were my details – the irony that I’m in a chat session with Optus discussing the mishandling of my personal information and they are loosely flicking over other customer’s details,” he told news.com.au.

“That email address and phone number you see in the middle of the chat are another customer’s details.”


The details provided were not the customer’s own phone number and email address. Picture: Supplied

When he pointed out to the agent that they had just sent him someone else’s personal details, the Optus representative said they were “so sorry for the inconvenience”.

The customer said this wasn’t the first experience he has had with Optus exposing other people’s details, claiming another customer’s phone number was added to his account by a franchise Optus store a few years ago.

“In the Optus app/portal I had full visibility into call history and to manage that unsuspecting customer’s phone number settings, like enabling/disabling voicemail etc,” he said.

“I had an out of the blue call from the franchise Optus store saying they’d accidentally put another customer’s number on my account – it had been there for two weeks and yes I had snooped through every possible setting I could see for the customer’s number and call history etc.”

Given this past experience, the customer said he was “not surprised” that Optus was dealing with a leak of this magnitude.

Another customer, Samuel Leighton-Dore, said he had a similar experience being sent other people’s personal details when talking to an Optus representative via the live chat feature.

Taking to Twitter, Mr Leighton-Dore shared a screenshot of the chat in which the agent had sent through three phone numbers and device repayment charges – all of which he claimed related to other customers.

After sending the details, the Optus representative then said: “I request you to ignore the above text.”

The agent then blamed the situation on a “typo error”.

News.com.au has contacted Optus for comment.

Medicare details breached in Optus hack

When attempting to figure out how much of their personal data had been compromised, many Optus customers have been shocked to find out that their Medicare details had also been exposed.

When confirming the attack last week, Optus said the data exposed includes customers’ names, dates of birth, phone numbers, email addresses, and, for a subset of customers, addresses and ID document numbers such as driver’s licence or passport numbers.

Now, customers have claimed their Medicare details are also at risk.

Some customers have had their Medicare details exposed in the Optus hack.

One frustrated Optus customer, who wished to remain anonymous, told news.com.au that she contacted the telco on Tuesday morning after not receiving any information about whether her details had been compromised.

After reaching out, she said an Optus representative confirmed her driver’s licence and Medicare card details had been impacted by the breach.

“I still have not received any email/message etc from Optus advising me so I would assume a lot of customers are in the same boat and need to be proactive in contacting Optus themselves,” she said.

“I can see that your account has been flagged as being impacted by the cyberattack,” the Optus representative said.

The Optus worker assured the woman that her account passwords were “completely safe” before listing the compromised ID documents as driver’s licence and Medicare card.

The woman reached out to Optus via the website’s live chat feature. Picture: Supplied
Optus confirmed her driver’s licence and Medicare details had been compromised. Picture: Supplied

Minister for Home Affairs, Clare O’Neil, said she was “incredibly concerned” following reports that personal information from the breach, including Medicare numbers, was being “offered for free and for ransom”.

“Medicare numbers were never advised to form part of compromised information from the breach,” she said in a statement.

“Consumers have a right to know exactly what individual personal information has been compromised in Optus’ communications to them. Reports today make this a priority.”

When news.com.au asked Optus to respond to claims of Medicare details being leaked in the hack, a spokesperson claimed they could not provide further details due to the AFP investigation.

“We are working with the AFP on their investigation of this attack. On their request, we’ve been asked not to discuss further details as it might compromise their ability to find the bad actor,” the spokesperson said.

What to do if you are affected

Optus chief executive Kelly Bayer-Rosmarin apologised for the cyber intrusion in a conference call with reporters on Friday, saying “it should not have happened”.

“I’m disappointed that we couldn’t prevent it,” she said.

Ms Bayer-Rosmarin urged customers to be on the watch for suspicious contacts in the near future, fearing bad actors who access the stolen data could use it to place scam calls.

“What customers can do is just be vigilant,” she said.

“It really is about increased vigilance, and being alert to any activity that seems suspicious or odd, or out of the ordinary.

“If somebody calls you and says they want to connect to your computer, and says to give them your password or let them in, don’t allow that to occur.”

Optus CEO Kelly Bayer Rosmarin has apologised for the situation.

She said passwords and financial details had not been compromised, however other sensitive information had been pilfered.

“We do hold a reference to the identification information, whether it’s the driver’s licence number or passport number. That’s the field that’s been compromised,” she said.

“I again want to reassure people that they have not got images of any of those documents, nor any bank details or passwords.”

For those who are concerned their data may have been stolen, there are a number of steps you can take to protect yourself.

The Australian Cyber Security Centre has provided advice for those current and former customers who have been impacted.

Australians have been advised to update their devices to protect important information, and to protect important accounts by using multi-factor authentication.

Customers should also contact their financial institutions immediately and follow their guidance about protecting their accounts.

Those impacted are also advised to contact reputable sources for information such as Moneysmart, ID Care and the Office of the Australian Information Commissioner.

Do you know more? alexandra.foster@news.com.au

Original URL: https://www.news.com.au/finance/business/technology/shock-as-optus-agents-expose-other-customers-details-in-support-chat/news-story/6cf0780ef1f42ba03709db340663712e