Optus’ data breach is devastating, but how private is our personal information really?

Henry Man

OPINION: The Optus data hack has been detrimental for cybersecurity in Australia. But, there’s a bigger issue at play here in our digitalised society.

It’s been two weeks since an anonymous cybercriminal hacked into an unsecured application programming interface (API) of major Australian carrier Optus, as more details emerge about the scope of the data grab.

The personal information of around 10 million current and previous Optus customers – who used their details to sign-up with the network – were compromised. This may include full names, home and work addresses, phone numbers, driver’s licence numbers, passport numbers, and Medicare card numbers.

Optus has gradually contacted affected customers and which details have been exposed, and state and federal governments have responded by offering free drivers and passport identification number replacements – at the cost of Optus and parent company Singtel.

The ramifications are devastating. Cybercriminals operating in the dark web can now exploit the data to target more Australians with spam and scam emails, messages and calls, and conduct identity and fraud.

The bigger issue

The Optus data breach is a reminder of the need to keep our digital identity safe with the typical advice – change your passwords with a long, complex sequence of letters, numbers and symbols, use a password manager to manage it all, and enable multi-factor authentication (preferably via an authentication app).

It has also heightened our vigilance to fraudulent activity, messages and calls that use strategic social engineering and blackmail techniques to appear as authentic companies and deceive victims to send money in the form of direct bank transfers, gift cards or cryptocurrency.

But in today’s mediatised society where technology and data collection has pervasively been embedded in our daily lives, how private is our personal information really?

Think of the data we volunteer to big tech platforms and organisations everyday:

  • Social media platforms like Instagram, TikTok and LinkedIn monitor our behaviour, how long we look at and interact with content, when we use it, location and more;
  • Tech companies like Google, Apple and Microsoft track our ‘significant locations’, browsing history, profile our personal interests and more;
  • Smartphones, smart home devices, and vehicles have always-on microphones to detect voice commands;
  • Job seeking platforms like Seek, Indeed, and subsequent recruitment agencies or departments receive our work history, full name, home address, emailand phone number when we submit our resume;
  • Our banks and third-party payment platforms like Google Wallet, Apple Pay and PayPal know our spending habits and locations;
  • Public transport cards and providers monitor where and when we commute from A to B;
  • We also disclose our student ID numbers in order to attain student discounts;
  • And so on…

As part of a ‘contract’ to use these online services for free or for a reduced cost, we ‘pay’ with our data – our name, email, phone number, and date of birth must at least be divulged.

Although the breach of Optus’ systems is a blow to cybersecurity and our privacy, the amount of inherent and discreet data that we give to other companies is more concerning.

When trust is broken

Giving our data is inevitable, but it is alarming when our trust in our ‘contracts’ are broken.

Organisations archive our data for years – if not decades – for legal purposes and to simply have it handy to monetize when needed for marketing and analytics purposes.

As with the Optus data breach, when these systems are exploited due to a security flaw, the consequences are detrimental and we bear the consequences en masse.

While current customers can migrate to another carrier in this case, personal information will still be stored.

But can we ditch using Google when Search, Gmail, Maps, Drive and YouTube are so essential? Can we really move our email when every other online account is tied to it? How can we possibly live without Facebook reminding us of our family and friend’s birthdays? It’s important to understand the larger issue of pervasive data collection at play here with big tech platforms. 

Media and technology have interwoven so much with our lives that it’s almost impossible to ignore – and providing our personal data is just a necessity and a commodity.