John Theodosis is one of the thousands of Australians whose personal data might now be in the hands of criminals.
The Toowoomba pensioner first heard of the massive data breach at Optus on the news and his worst fears were quickly confirmed in a live chat when the company flagged his account as one of those affected.
Mr Theodosis was told his name, date of birth, email, phone number, address and driver's licence had been compromised.
Since the breach was revealed he has been trying to get a new driver's licence.
"To protect my personal information from being stolen, from it being used for loans or identity theft, maybe traffic fines," Mr Theodosis said.
'Garden variety' theft
Brendan Walker-Munro of the University of Queensland said with those personal details, criminals would be able to commit "garden variety identity theft".
"Someone posing as you can contact certain agencies and redirect physical mail, potentially even your electronic mail," he said.
"Once they've got those redirections in place, they are then able to take steps to gain some kind of financial advantage."
Dr Walker-Munro said the fraud often happened without the victim realising it and that with the added data of a driver's licence or passport, criminals could open a bank account or apply for a loan or credit card.
He said it was "tricky question" as to whether victims would be liable for fraudulent loans, but that it was possible to negotiate with banks.
"There have been previous cases where customers … [who] have been able to show through evidence that their identity was compromised have been able to negotiate with the bank," he said.
"There's also been some steps taken by Optus to try and notify the banks of affected customers.
"Banks have really robust and solid systems … able to detect fraud, as long as they know who are the customers that have been affected."
National security challenge
An Australian Federal Police task force will work with the Australians Signals Directorate to identify those behind the breach.
"I want to reassure Australians that the full weight of cybersecurity capabilities across government … are working round the clock to respond to this breach," Home Affairs Minister Clare O'Neil said.
Dr Walker-Munro said the information released could allow people to impersonate others.
"Essentially, they're able to commit a crime and almost make it look as though this this innocent person whose information they've obtained was actually responsible for it," he said.
"This incident has really worried one of the premier intelligence agencies in Australia.
"There's actually some real national security implications to the release of this information."
People affected by the data breach have been urged to be extra vigilant and look out for any suspicious emails, texts, phone calls and messages on social media.
'We've missed the ball'
Scamwatch has advised people to change their online account passwords and enable multi-factor authentication for banking.
On Monday Optus announced it would offer its "most affected" current and former customers free one-year subscriptions to a credit monitoring and identity protection service.
Dr Walker-Munro said he encouraged people to take up the offer.
"But in terms of actually being able to stop someone from using this data, there really isn't a whole lot out there," he said.
"I think in terms of responding to these sorts of breaches, I think we've missed the ball."
Mr Theodosis is making it priority to get a new driver's license and said he was disappointed with the lack of support so far.
"To get it shouldn't be any hassle," he said.
"[It should be] so simple to give me some insurance."