Millions of Australians are facing the prospect of compromised privacy and exposure to fraud after the Optus and Medibank cyber attacks.

Medibank admitted on Tuesday its breach was much bigger than previously thought, while many Optus customers are still in the dark as to just how much of their private data and documents are in the hands of potential criminals.

For the millions of concerned health insurance customers, here are some simple steps to help mitigate the problems of fraud and identity theft.

What should customers do?

Although there are still unanswered questions surrounding the Medibank hack, there are some steps people can take right now.

Medibank is encouraging customers to review the advice from the Australian Cyber Security Centre (ACSC) and the Australian government.

The ACSC says customers who think they may have had their data compromised should contact Medibank Private on 13 23 31 or AHM on 13 42 46.

ACSC also advises customers to:

• Use the ‘Have you been hacked?’ application
• Secure devices and monitor both devices and accounts for ‘unusual activity’, making sure all the latest security updates have been installed
• Turn on multi-factor authentication for all accounts.

Customers also need to be on alert for any potential scams that reference Medicare.

The Australian Competition and Consumer Commission’s Scamwatch has warned that scammers could use the Medibank data breach to target people.

• Medibank hack exposed cyber flaws: O’Neil

Australians and Australian organisations are being advised by Scamwatch to strengthen their cyber defences to safeguard themselves against online threats.

Customers might notice an increase in phishing emails, phone calls, SMS or social media messages since the hack.

Scamwatch advises people to:

• Be wary of new communications and don’t blindly accept what you’re being told
• Do your own research and contact the purported business or agency that contacted you to confirm whether or not it is a scam
• Not click links or open attachments
• Never give anyone personal or banking information, or give remote access to your devices
• Check for log-in activity on email and social media accounts and update passwords and do privacy and security checks.

Any customers who are concerned they are a victim of a scam, or believe their identity has been compromised, should contact both their bank and IDCARE on 1800 595 160.

Numbers still unknown

It’s expected Medibank will soon know the full extent of the breach, although the exact number of customers affected is still unknown.

However, Medibank confirmed the breach is bigger than initially thought. The company has about four million customers.