What to do if you’re the subject of a data breach

Just a few tips for folks who might be the subject of a major data breach (like the recent Optus incident):

  • Start using multi-factor authentication (MFA) for all accounts if possible. DO NOT USE SMS-BASED AUTHENTICATION unless you have no other choice. Here is an explanation for the general badness of SIM-based MFA.
  • Start using a password manager so that you can have long and complex passwords. Also use a different password for each separate site. I recommend Bitwarden or 1Password (they are good – I have no connection to either company).
  • Ensure that you are using anti-virus and anti-malware tools. For Microsoft, just turn on Microsoft Defender, as it is good and it is free.
  • Report as stolen any credit cards you used to pay bills with the company.
  • If you want to store payment details on the company site then consider using something like PayPal rather than storing your credit card details. Enable MFA on your PayPal account first though.
  • Change any IDs you used to set up the account, e.g. passport, driver’s license, etc.
  • Set up credit reporting accounts with email alerts so you can know if anyone is trying to obtain credit in your name. Read this and this.
  • Set up a separate secured email account to receive emails from your financial institutions (Proton Mail is good).
  • Be vigilant with mobile phone calls from unknown numbers. Do not click any links in emails or text messages.
  • Sign up for Troy Hunt’s excellent Have I Been Pwned service: https://haveibeenpwned.com/
  • Check out Scamwatch, and their specific advice re the Optus data breach.

And if you’re not sure what an attacker can do with your personal information, here is a great rundown from Cam Wilson via Crikey.