Most Australians think about passwords and emails when it comes to data breaches. But phone numbers are increasingly valuable to scammers — and after breaches like Optus (9.8 million customers) and Medibank, tens of millions of Australian phone numbers are circulating online.

How Did My Phone Number Get Out There?

Several ways:

  • Data breaches: Optus, Medibank, Latitude, and dozens of others exposed phone numbers directly
  • Data brokers: Companies that legally scrape and sell personal information from public sources
  • Social media: Facebook’s 2021 breach exposed 500 million phone numbers globally, including Australian users
  • Old accounts: Any service you gave your phone number to that was later breached

What Can Scammers Do With My Phone Number?

  • SIM swapping: Convince your carrier to transfer your number to their SIM, bypassing SMS-based 2FA on your bank accounts
  • Targeted smishing: SMS scams that use your name and personal details to appear legitimate
  • Voice phishing (vishing): Calls claiming to be your bank, the ATO, or Services Australia — using your details to build trust
  • Account recovery attacks: Your phone number is often used as a backup for account recovery — controlling your number = controlling your accounts

How to Check if Your Phone Number Was Exposed

Phone numbers aren’t currently checked by HaveIBeenPwned (which focuses on emails), but you can:

  1. Check your email — breach records link email + phone together: Free breach check →
  2. Assume it if you were an Optus or Facebook customer — both confirmed phone number exposure at massive scale
  3. Google your number — sometimes appears on people-search sites if it’s been widely aggregated

What to Do If Your Phone Number Was Exposed

Talk to your carrier about SIM swap protection

Call Telstra, Optus, or Vodafone and ask them to add a SIM swap PIN or verbal password to your account. This means anyone trying to transfer your number must know a secret PIN — even if they have all your personal details.

Move away from SMS-based 2FA

If your phone number is compromised, SMS-based two-factor authentication becomes a liability. Switch important accounts (email, banking, social media) to an authenticator app like Google Authenticator or Authy.

Be extremely suspicious of incoming calls and texts

Scammers with your name, address, and phone number can run very convincing impersonation attacks. If someone calls claiming to be your bank or the ATO, hang up and call the official number directly.

Report suspected SIM swap attempts

If your phone suddenly loses signal without explanation, contact your carrier immediately — this may indicate a SIM swap in progress. Also contact your bank.

The ATO and Medicare Scam Connection

Australian Tax Office and Medicare scams specifically target people whose phone numbers were exposed in the Optus and Medibank breaches. The scammers combine your phone number with other breach data to make calls convincing.

Report ATO scams to ato.gov.au/scams. Report Medicare scams to Services Australia.

Get a Full Privacy Assessment

For a complete picture of your digital exposure — including what data is circulating about you and how to protect yourself — book a DataGuard Personal Audit for $99 →