Optus says it has now sent emails or SMS messages to all customers whose ID document numbers, such as licence or passport number, have been compromised as a result of the cyber attack.

Some 9.8 million Australians have had their personal information potentially exposed after the company suffered a major security breach last week.

Both current and past customers have been caught up in the fallout, with Optus storing the personal data of previous customers dating back to 2017.

An Optus spokesperson said it is continuing to reach out to people who have had their other details, such as email addresses, home addresses and date of births, illegally accessed.

However, the manner in which Optus has been contacting people has left some less than impressed.

One past customer took particular issue with being addressed as “Former Optus Customer” in the email sent by the telco to inform them their data had been stolen.

Stream more tech news live & on demand with Flash. 25+ news channels in 1 place. New to Flash? Try 1 month free. Offer ends 31 October, 2022 >

They pointed out that their data had been exposed to hackers who know their name, address, date of birth and numbers on their identity documents, yet Optus could only access enough information about them to refer to them as a “former customer”.

Other Australians have also hit back at receiving an email addressed to “Dear Former Optus Customer”, but for a very different reason.

Multiple social media users claimed they received this exact email despite being current Optus customers, with one Twitter user describing the situation as a “mess”.

News.com.au had contacted Optus for further comment on the situation.

Other Optus customers have shared their frustration at the lack of information they have received from the telco in the wake of the cyber attack.

Two customers impacted by the security breach were overseas on their honeymoon when they heard of the hacking.

The husband, who wished to remain anonymous, told news.com.au he contacted Optus using the MyOptusApp on Sunday afternoon after receiving no communication from the company.

“After being unable to get a straight answer, I asked if there was a number I could call to speak with a human to discuss,” he told news.com.au.

“I was informed the call centre was closed on Sunday. When I expressed my absolute shock that after such a significant data breach, there was no number I could call I was then provided a number to call.”

An Optus representative then reportedly told the man his name, address, email, date of birth, driver’s licence and Medicare details had been accessed.

As this was inconsistent with what he had been initially told through the app, he asked the woman to check again, after which he was informed his licence and Medicare details had not been exposed.

“As of now, I have still not received any notification from Optus about the breach. The only reason I know I am impacted is because I called,” he said.

The man said he wife had the opposite experience when she called Optus, with a representative reportedly telling her she had not been impacted.

But when she woke the next morning she had an email from Optus indicating her information had been exposed.

“Optus clearly has no idea what they are doing in the response,” he said

“To have not received any notification five days later is an absolute joke, and all Optus seems to care about is assuring us that our Optus account is secure.”

Cyber Security Minister takes aim at Optus

In an interview with the ABC’s 7:30 program on Monday night, Cyber Security Minister Clare O’Neil rejected the telco’s claim it experienced a “sophisticated hack”.

“What is of concern for us is how what is quite a basic hack was undertaken on Optus,” the Minister said.

“We should not have a telecommunications provider in this country which has effectively left the window open for data of this nature to be stolen.

“And the thing that’s very exercising for me as Cyber Security Minister is why did this happen and how can we make sure it never happens again?”

“You certainly don’t seem to be buying the line from Optus that this was a sophisticated attack,” noted host Laura Tingle.

“Well, it wasn’t. So no,” was Ms O’Neil’s blunt response.

Ms O’Neil went on to reiterate her call for Optus to provide credit monitoring for its affected customers. Credit monitoring is the tracking of an individual’s credit history for any changes or suspicious activities.

On Monday, Optus announced it would indeed offer some customers a 12-month subscription to the monitoring service Equifax Protect.

“The most affected customers will be receiving direct communications from Optus over the coming days on how to start their subscription at no cost,” the company said in a statement.

“Please note that no communications from Optus relating to this incident will include any links as we recognise there are criminals who will be using this incident to conduct phishing scams.”

While she thanked the company for agreeing to provide the support, Ms O’Neil said “this is not the end of the story”.

“We are still going to be talking about the Optus hack in the weeks to come,” she said.

“Optus needs to communicate clearly to their customers about exactly what information’s been taken from specific individuals, and then needs to assist and support customers to manage the impacts of what is an unprecedented theft of consumer information in Australian history.”

What to do if you think you have been impacted

For those who are concerned their data may have been stolen, there are a number of steps you can take to protect yourself.

The Australian Cyber Security Centre has provided advice for those current and former customers who have been impacted.

Australians have been adviced to update their devices to protect important information as well as protecting important accounts by using multi-factor authentication.

Customers should also contact their financial institutions immediately and follow their guidance about protecting their accounts.

Those impacted are also adviced to contact reputable sources for information such as Moneysmart, ID Care and the Office of the Australian Information Commissioner.

Optus has said it will not be sending links in SMS or emails being sent out to customers.

“If customers receive an email or SMS with a link claiming to be from Optus, they are advised that this is not a communication from Optus. Please do not click on any links,” the telco said in a statement.

“The attack is being investigated by the Australian Federal Police, and they have advised Optus not to provide comment on certain aspects of the investigation, including verifying the authenticity of customer information published on the internet.”

Do you know more? alexandra.foster@news.com.au

More Coverage

Big change coming amid Optus backlash

Ally Foster

‘A flurry’: First sign you’ve been hacked

Anton Nilsson and Adelaide Lang

Originally published as Big problem with Optus email sparks fury among Aussies