Optus - Major Data Breach

Some good resources here.

https://www.cyber.gov.au/acsc/view-all-content/alerts/optus-…

Optus has suffered a massive data breach, compromising the personal information of up to 9 million customers.

About 2.8 million customers have had all their personal details taken in the cyber attack, including their passport and licence numbers, email and home addresses, dates of birth and telephone numbers.

About 7 million had their dates of birth, email addresses and phone numbers stolen.

The breach involves both current and former customers.

This is worrying.

22/9: Optus’s statement.

Mod 26/9: Whirlpool - Check Optus Customer API

Comments

  • I wouldn't be surprised if the hacker is a teenager and the parent works for Optus.
    The hacker realised that not only the federal police are investigating, but now Singapore is using its resources and also Interpol is involved as it's an international incident (as IPs came out from Europe, probably using the onion network).
    Won't be long till they catch this scumbag and they are held accountable.

    • +4

      it's an exposed API. lol.

      too late, the data is gone. sure, the hacker needs to be caught.

      the people who need to be held accountable for allowing the crime to happen still work in Optus.

  • +1

    previous pre-paid mobile customer, ported out 40 days ago. i have not heard from optus.

  • +1

    Now I will scan CVs for people who work on the Optus contact API. These people do not deserve a job. How can you design an unauth/unrated endpoint? Why the heck does the API return IDs? It is mind-boggling that such a thing can happen.

    • +1

      you'd probably need to go further up the chain for the 'root cause'.

      code plebs will just code, it takes several stakeholders of varying levels to enable this level of incompetence.

      optus is not a 20 person startup… this is a company that has all the funding and 'industry standard' practices that magically falls apart.

      • I remember coming out a decade ago in a consulting firm as a pleb and one of our projects was with Optus.

        Anyways one of my tasks was to literally write out an analysis, slide decks, reasoning because what happened was someone uploaded the incorrect change of ownership pdf document on the website.

        Go out to macq park, meeting with 6-6 stakeholders present to them, we are changing from pdf 001 to pdf 002 because… 001 was the incorrect one.

        Lol I was like yeah wow this sure is big corp style eh…

        But now you look at data breaches like this, lmao

      • I don't know man, but that is a fundamental thing when you build an api. It is really bad from the plebs to the managers. Security is everyone's responsibility.

        • In an ideal world yes. In practice, it depends. Thus you end up with this Optus-gate.
          Like people with different levels of technical competency, there are people with varying levels of incompetency… who happen to be in positions of power where they could decide to override your “concerns”.

          • @slowmo: Mostly people with varying levels of incompetence and clueless managers forcing unrealistic deadlines on the IT staff can easily lead to this kind of scenario.

            • @RSmith: i think that's what i said…

              • +1

                @slowmo: I remember reading earlier that Optus were trying to implement 2FA as mandated by the TIO and somehow they ended up exposing the API to the public.

                • +1

                  @RSmith: all I can say is:
                  1) not our (customers') problem that they can't tie their shoelaces.
                  2) they (Optus) are making their problem our (customers') problem.
                  3) they are a billion dollar company, so take that into context when reading my earlier statements.
                  this level of incompetence is not a once-off, nor does it appear to be something they learnt from.

                  The CEO claiming it is a sophisticated attack is being fed by people who either
                  1) don't know - incompetent
                  2) know but don't want to be fired - wilfully complacent
                  3) both column A and B.

                  i don't blame the CEO for not knowing, but I blame the CEO for having a leadership culture, where people under their lead fail to let them know the reality (the simplicity) of this problem.

                  • @slowmo: I agree with what you have said. Optus have bungled up big time and should face the consequences.

          • @slowmo: While I agree with you in most general cases, not this particular one. When a developer builds an API, they should know securing the endpoint is the bare minimum to release. It is easy to say it is management's fault, as it should be because they get the big cheques, but the developers didn't do their job properly. We are not talking about them being compromised by some sophisticated attack vector; this is the equivalent of storing your credentials in a public git repo.

            • @od810: Not repeating entirely what I said in other replies: Many levels of incompetence enabled this.

              However pointing to “programmer's fault” is a management reaction (see initial statement); who set the initial processes and policies in the CI/CD pipeline to enable this sort of crap? It's not devs.

              I'm not saying devs are clear of fault. However even with your example, storing creds in a public git repo, it's a failure of processes and policies.

              Avoid diverting focus away from the people who are in the A part of the RACI.

              • +1

                @slowmo: I think we can agree to disagree on this. Speaking as a dev, no matter what policies you have, if the people don't exercise them, you get nothing. Sorry I haven't looked at a RACI matrix for a long time, but for the past 10 years, all my dev teams were responsible for build/run/deploy (including CI/CD pipelines; my team is currently managing well over 20 CI/CD pipelines). Management is responsible for setting up the governance framework and dealing with the bullcrap, but it is still the devs who implement and deploy the application. And securing your endpoint is part of your deployment.

                Now I also blame the architect (or whoever it is) who thought it was wise to store ID in plain text in the billing and account API. Ideally ID shouldn't need to be stored, but even when you really want to store it, you can hash it, encrypt it… And whose idea is it to return ID data in the account payload where this information isn't even used?

                • @od810: no worries. there are no prizes for getting the answers right for this anyway.
                  I've been around more than I care

                  here's my view:
                  engineers - security, devs, servers, infra/ops
                  architects - solution, application, security
                  managers - change, program/project, approving, compliance, policy, governance, infra, ops
                  stakeholders - product owners, business owners, service delivery
                  others - architecture/design approval committee/forums
                  just to list off the top of my head, the people involved in a single 'feature release'

                  what you just described is only 1 layer. my earlier point is, I don't want to blame it purely on devs, because a lot of people in that list enabled this. It doesn't do yourself (as you said, a dev) a lot of justice because, yes, dev team is part of the CI/CD, more than 1 part of the team in this case dropped the ball.

                  for example: exposing an API? was there even a pen test? why and why not?

                  you rightly called out the storing requirement. without understanding the functional and non-functional requirements of what the API was originally intended for, we are speculating way too much.

                  maybe you have a team who takes security seriously, then treasure it.

                  for a lot of teams that I find, it isn't that high a priority.
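  The endpoint pattern argued over in the thread above (an unauthenticated account lookup that hands back ID document numbers nobody on the account page needs) beside a hardened version, as an added example that is not Optus's code or any poster's: it requires a bearer token, checks that the token owns the requested account, returns only an allowlisted set of fields, and keeps the licence number only as a keyed hash that can still be matched for an identity check. Account records, tokens and the hash key are all constructed.

```python
import hashlib
import hmac
from typing import Optional

# Constructed sample data (not real customers). This store keeps the
# licence number in plain text, which is what the thread objects to.
ACCOUNTS_PLAINTEXT = {
    "1001": {"name": "A. Example", "dob": "1990-01-01", "email": "a@example.invalid",
             "phone": "0400000001", "licence_number": "12345678"},
    "1002": {"name": "B. Example", "dob": "1985-05-05", "email": "b@example.invalid",
             "phone": "0400000002", "licence_number": "87654321"},
}

# Constructed bearer tokens: token -> the single account id it may read.
SESSIONS = {"tok-a": "1001", "tok-b": "1002"}

# Hypothetical server-side secret for the keyed hash; in practice this lives in a KMS/HSM.
DOC_HASH_KEY = b"constructed-secret-key"

# Fields the account page actually needs; everything else is withheld.
ACCOUNT_VIEW_FIELDS = ("name", "email", "phone")


def weak_lookup(account_id: str) -> tuple[int, Optional[dict]]:
    """The pattern the thread describes: any caller, any id, every field back."""
    record = ACCOUNTS_PLAINTEXT.get(account_id)
    return (200, dict(record)) if record else (404, None)


def hash_document_number(number: str) -> str:
    """Keyed hash: the stored value is useless on its own but can still be
    matched when the customer presents the document for an identity check."""
    return hmac.new(DOC_HASH_KEY, number.encode(), hashlib.sha256).hexdigest()


def build_hardened_store() -> dict:
    """Same records, with the plaintext licence number replaced by its keyed hash."""
    out = {}
    for acct_id, rec in ACCOUNTS_PLAINTEXT.items():
        rec = dict(rec)
        rec["licence_hash"] = hash_document_number(rec.pop("licence_number"))
        out[acct_id] = rec
    return out


HARDENED_ACCOUNTS = build_hardened_store()


def hardened_lookup(account_id: str, auth_header: Optional[str]) -> tuple[int, Optional[dict]]:
    """Authenticate, authorise at the object level, then return only the allowlisted fields."""
    if not auth_header or not auth_header.startswith("Bearer "):
        return (401, None)                    # no identity, no data
    caller = SESSIONS.get(auth_header[len("Bearer "):])
    if caller is None:
        return (401, None)                    # unknown token
    if caller != account_id:
        return (404, None)                    # same answer as a missing id: reveal nothing
    record = HARDENED_ACCOUNTS[account_id]
    return (200, {k: record[k] for k in ACCOUNT_VIEW_FIELDS})


def verify_document(account_id: str, presented_number: str) -> bool:
    """Identity check against the keyed hash; the hash itself is never returned."""
    record = HARDENED_ACCOUNTS.get(account_id)
    if record is None:
        return False
    return hmac.compare_digest(record["licence_hash"], hash_document_number(presented_number))
```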

  • -4

    Bring on Optus Bankruptcy. Kelly Rosmarin Bayer must go! Get rid of SingTel and stop its operations in Australia! I've personally sat in front of Ms Bayer's fellow countryperson Gail Kelly in Qantas Business Class, just after she left Westpac. Equal comedy seeing Ms Kelly walking to the loos in torn pantyhose. This is the calibre of what governs our corporations

    • torn pantyhose.

      That's fashion now

  • I’m former customer and just received the email. However, it says that No ID document numbers or details have been affected. 🤨

    • Do you believe tho

  • +4

    PSA

    Queenslanders can now get a new licence with a new licence number free of charge. (from tomorrow I think)

    https://www.facebook.com/MarkBaileyMP/posts/pfbid031qwpS4gPC…

    • -1

      well, I'm jealous. you've got one person who has their head screwed on right.

    • That's good news. Hopefully still valid in 6 weeks when I'm back in the country…

  • -1

    Who here has been following the breach.to forum page juicy stuff

  • +4

    For those who are affected, you can now contact Optus via online chat to get a code for the Equifax subscription.

  • Haven't been with Optus for over 5 years and apparently I'm one of the lucky ones to have my data leaked 😂 my first name starts with A maybe that's why….

    It is with great disappointment I’m writing to let you know that Optus has been a victim of a cyberattack. As a former Optus customer this has resulted in the disclosure of some of your personal information.

    Importantly, no financial information or passwords have been accessed. The information which has been exposed is your name, date of birth, email, phone number, address associated with your former account, and the numbers of the ID documents you provided such as drivers licence number or passport number. No copies of photo IDs have been affected.

    Upon discovering the cyberattack, we immediately took action to shut it down to protect your information. While our investigation is not yet complete, we wanted you to be aware of what has happened so that you can be extra vigilant at this time.

    We are currently not aware of customers or former customers having suffered any harm, but we encourage you to have heightened awareness across your accounts, including:

    Look out for any suspicious or unexpected activity across your online accounts, including your bank accounts. Make sure to report any fraudulent activity immediately to the related provider.
    Look out for contact from scammers who may have your personal information. This may include suspicious emails, texts, phone calls or messages on social media.
    Never click on any links that look suspicious and never provide your passwords, or any personal or financial information.
    If people call you posing as a credible organisation and request access to your computer, always say no.

    You would have seen we announced this first in the media. We did this as it was the quickest and most effective way to alert you and all those impacted, while also communicating the severity of the situation through trusted media sources.

    For the most up-to-date information and FAQs, go to optus.com.au. If you wish to speak to us, you can contact us on 133 937.

    We apologise unreservedly and are devastated this could occur. We are working as hard as possible with the relevant authorities and organisations to ensure no harm comes from this unfortunate occurrence.

    Warm regards,

  • Optus announced earlier the following:

    Optus update on cyberattack – 26.09.2022 PM
    At Optus our priority has been to communicate with customers whose information was compromised because of a cyberattack.
    We are now taking a further step to help reduce the risk of identity theft. Optus is offering the most affected current and former customers whose information was compromised because of a cyberattack, the option to take up a 12-month subscription to Equifax Protect at no cost. Equifax Protect is a credit monitoring and identity protection service that can help reduce the risk of identity theft. No passwords or financial details have been compromised.

    I jumped into Optus chat and after a couple of copy-and-paste responses I managed to get an activation code for 12 months of Equifax Protect.

    They also created a special page on Equifax for the Optus issue.

    https://www.equifax.com.au/optus

    • +2

      Step 1: Complete the registration form and help us verify your identity
      (take care to enter your ID document details correctly so there is no delay in registering your service)

      Lol

  • Replacement licence with new ID number can now be ordered in NSW. Optus to reimburse $29 fee.

    https://www.news.com.au/technology/online/hacking/states-rev…

    • +2

      this seems to be confusing messaging. the $29 fee change is just a new card with a new card # and validation # at the back. it does not change the driver # which was leaked.

      • +3

        Yes, only the card number gets replaced. Not helping anything.

  • +2

    Optus should be required to pay for name change and replace all relevant ID.

    This Equifax for 12 months is a joke. Scammers will wait longer to use your personal information.

    • Agreed, a new passport is $308! I don’t drive so it’s my primary ID - I’m no longer an Optus customer and haven’t been for a while.

    • It is, but for now better than nothing. Agree that Optus should have to pay for all ID changes. Not sure if most people would want to change their names though.

      • Well you can't change your date of birth.

        You can't just change your address unless you're going to pay stamp duty or rent a new property.

        And most driver license numbers never change. Also the renewal date is exactly 10 years from the previous expiry date. The Department of Transport in every state should be held accountable for this one. This is true in WA.

        So really the only two things you can change is your passport and name.

        Is changing your passport number or driver license going to make a real difference?

        The scammers still have all your other details.

        • +1

          Can change your license number now in some states.

          Changing license/passport number does create one less option for scammers to use. Scammers go for easy targets if possible. With 10 million possible victims, you wouldn't want to spend time on someone if most of their information is outdated. I'm not saying it's not possible.

          And while changing name is possible. It does create a lot of headache for paperwork. And also it’s a name you’ve known your whole life, it’s not something that most people would consider.

          DOB is definitely really something we can’t change. Which is why companies should stop using this as the main source to verify identity.

          Edit:
          Address is something that can be changed for a lot of people. I myself have been in 5 different addresses in the last 5 years. Addresses for a portion of the population do tend to change and will be outdated, whereas some of the other information does not.

          Phone numbers can be changed but it does create a headache (less than a name change IMO).

          Me personally, I will change my driver license number today since I’m in QLD. Phone number I am considering. Address I will be moving in the next year. Not considering changing my name. DOB can’t be changed. I have put a ban at Equifax, Illion, Experian. Will be using the Equifax Protect that I had to really fight to get from Optus. So will be monitoring my credit monthly for the next year with this service.

  • +2

    Just checked mine and my wife's API
    All our data including 100 point id definitely leaked. Not even Optus customer for 5 years. F this shit

    • I think 7 years is the period for which they keep the data.

      • i don't think anyone is arguing about storing data for 7 years.

        why do they think they need an api that return these sort of information exposed externally?

        for an involuntary 3rd party cloud backup to occur?

        • why do they think they need an api that return these sort of information exposed externally?

          Pretty sure they didn't intend to do it that way. They screwed up big time.

          • +1

            @RSmith: depends on your definition of 'intended'.

            if there's sufficient documentation to indicate business stake holders accepting the risks to this, then yes, they totally intended it that way.

            unless you are in the know, what you are suggesting is just speculation.

            • @slowmo: I am speculating but that's because I also work in telecom industry and know how things work. I have dealt with Optus in the past and have found them to be alright.

              I am pretty sure this API wasn't meant to be exposed to the public and that's why I said that they screwed up.

              • @RSmith: i'm unwilling to disclose what i work as or where i work, so i'm just going to agree to disagree.

    • +2

      Same, my partner is in the same boat, ex-customer, and we did a password reset…. christ sakes…. they didn't even bother archiving the profile..

      Such bad policy, old profiles past 60 days should be removed from access and archived for the 7 years.

      To reactivate the policy 1 - 2 reactivation link similar to linked in and fb.

    • how did you check?

  • Have Circles.Life mobile customers also been impacted?

    • +1

      Optus wholesale customers are not impacted.

      • So you mean Optus direct customer data was breached.

        • Correct

      • I was reading on reddit that some wholesale customers did get exposed

  • People in QLD and SA can get a new driver license number. In case people didn’t see it posted

  • Service NSW is so stupid making it difficult to get a replacement driver's licence number. You have to call up Optus, get a voucher of some kind unknown.. then give it to Service NSW to avoid paying the costs…

    Morons… Service NSW just follow QLD. If u have an email bring it in, replace it.

    • for once QLD did something more efficient/rational than NSW. Maybe we are the Smart State after all…

      • QLD gov is going to send the bill to optus… NSW makes you do the grunt work….

        I wonder if the gov is scared they won't get paid back by the telco.. they will squeeze their way out of the bill

        • +1

          Likely. Users are reporting that Optus is only giving the credit for a replacement license in NSW.

          QLD is still a nightmare to get a new license number it seems. But at least they have done right by changing the rules with changing license numbers. It's in the best interests of all governments to do something to prevent identity theft.

  • +2

    I would like to hear of any Optus employees here on OzBargain doing an AMA

  • These clowns can’t even communicate properly with those who have been affected.

    First email I received on Saturday: “ The information which has been exposed is your name, date of birth, email, phone number, address associated with your former account, and the numbers of the ID documents you provided such as drivers licence number or passport number. No copies of photo IDs have been affected.”

    Email I received 10 mins ago: “The information which has been exposed is a combination of your name, date of birth, email, phone number and/or address associated with your former account. No ID document numbers or details have been affected.”

    Well which is it?

    I checked the API days ago and my DL details were there along with everything else they’re saying was exposed. Is it safe to say the second email saying my DL details haven’t been affected is BS?

    • +1

      Correct, it's a trainwreck

    • +1

      You could have been in the database twice?

      One with ID listed, one without.

  • +1

    I checked the leaked sample, glad I'm not one of the 10000 unlucky ones…

    • Yea same, but I wouldn't trust the hacker that he/she deleted it and it was the only copy. Also, potentially other hackers/groups already have this data.

      There were, unfortunately, 10,200 unlucky ones.

      • +1

        How do you check?

        • Can pm you the link if you want.

          • @yoquierotaco: Wasn't it already posted somewhere here or was it removed?

            • @apsilon: I don't know if anyone posted. I'm happy to send the link to people so you don't have to go to the forum. I'm sure anyone that wants this information for nefarious reasons have already downloaded it, but I personally don't want to post it publicly. It's easy enough to obtain.

              • @yoquierotaco: I'm sure I saw it here the day it was released but can't find it now. PM me if you don't mind. Suppose I should have a look on the chance I'm there though I'm 99% certain Optus never had any ID documents from me and my email and mobile have since changed so I'm not that worried.

              • @yoquierotaco: Just had time to catch up more on this fiasco. Would really appreciate a PM with the link if possible as well, just to check if me or my family is one of the unlucky bunch :( Hopefully no more are being released

                • @username999: not being publicly released doesn't mean it wasn't leaked, there's no visibility at the moment.

          • @yoquierotaco: Can you please pm me the link please? trying to see if I was on the leaked accounts

          • @yoquierotaco: Thank you - can you please pm the link so I can check my name

          • @yoquierotaco: Hi are you able to PM the link please? I am starting to receive targeted spam with details of my address. really hoping i'm not one of the 10100.

          • @yoquierotaco: do you still have the link so i can check for my name?

            • @Nads2407: @Nads2407, couldn't PM you as your settings don't allow new PMs

      • +2

        Chances are they would've already sold the data to scammers. No point holding Optus ransom when it could be worth more than 1.5M. They most likely would've made their money. Good to have hope, but have to assume the worst.

      • PM me if you can't find the data or don't want to go to the shady forum. I'll send you a link so you can check. Just note that just because you're not on the list, doesn't mean you shouldn't take every and all precaution available to you. You should act like your data has been leaked. I don't trust the hacker (he/she said data has been deleted). I also don't trust flOptus to help us.

      • Don't need to download the data anymore, you can use a site that a fellow OzB made: https://www.ozbargain.com.au/comment/12735539/redir

    • Can you PM me the link too? Got the dreaded Optus email. Thanks

  • +2

    https://twitter.com/psylenced/status/1574574551303798784

    There are a large number of EU passport numbers in the leaked data, Optus are going to get smashed by the EU on violating GDPR

    It would be comical if the EU penalties are greater than what the Australian government can levy on Optus

    • +2

      I don't think GDPR applies to Australia irrespective of customer passport country.

      • +3

        Incorrect

        Compliance is required if Optus meets any of the following 3 criteria:

        1. They have an establishment in the EU
        2. They offer goods and services in the EU
        3. They monitor the behaviours of individuals in the EU

        Optus meets number 3. All it will take is one of the exposed EU individuals to complain to the European Data Protection Supervisor to get the ball rolling

        • How are they monitoring "in the EU"? What's your interpretation that Optus do this "in the EU" when Optus have no presence in the EU? They have reciprocal arrangements with other mobile carriers and it's these other carriers that are on the hook for the GDPR.

      • lol.

        imma sit here with the popcorn.

    • There is no way the GDPR would apply.

      • Why not? Seriously. The US applies its laws worldwide.

        • GDPR only applies to EU/UK entities and therefore AU is exempted.

          • @Ash-Say: ^^^ how to tell this is someone not in legal - the statement is absolute.

    • you want to see comical?

      look up PIPL.

      makes for an interesting read.

  • I just got the email from Optus… Over a week after they knew about it. That's some BS performance there.

  • +1

    is there any way to put a block on SIM porting (currently with Boost) as a precautionary measure?

    • I too would like to know if there's a way. Can't find any information online

    • Won't porting require the sms code you get on your phone? Or is there a way to port without access to the number?

      • people who think about blocking porting need to have a read on this:
        https://www.acma.gov.au/port-customers-phone-number

        there was a time I was aware of, telcos can be really shitty to their customers, refusing to port out even if they beg/threaten them while continuing to charge the customer fees. These protections came about….

        which kind of works against you if someone else stole your identity.

        its one of those things you need to read a lot of to get context of the 'why', and it doesn't quite help you achieve what you want.

        • I mean if I am using a 1 year Boost SIM recently activated, I have already paid for it for a year, so can't I just block porting at least to the end of my package, pretty reasonable isn't it? especially in these extenuating circumstances :(

          • @bazingaa: it sounds reasonable to me, but that would not be what may happen in reality.

            in situations where you port to a provider whose service is really bad in your area, even if you paid for 24 months up front, you might be willing to give it all up and port to another provider asap. the standards set for telcos define SLAs to be met.

            so honestly idk, all I see are various industry leaders just standing around keeping quiet. so far, CommBank in my experience was the fastest to make a statement around the breach as well as giving out advisory to push their Experian-linked (free) product to help put a ban on credit via Experian and others.

            over at nsw, a lot of politicians finger pointing, and no mitigation solutions, and service nsw pulled the only option that would have been useful to mitigate, from right under us.

            the incompetence is showing.

  • +1

    What about passports for those who used them as their primary ID? They are $308 to replace. All the talk is about Drivers Licences.

    • +1

      There will be a replacement passport but someone else's face will be on it

      😏

    • it is more for foreign passports, and a long turnaround time,
