Optus - Major Data Breach

HardQuiz on 22/09/2022 - 14:14
Last edited 26/09/2022 - 10:08 by 1 other user

Some good resources here.

https://www.cyber.gov.au/acsc/view-all-content/alerts/optus-…

Optus has suffered a massive data breach, compromising the personal information of up to 9 million customers.

About 2.8 million customers have had all their personal details taken in the cyber attack, including their passport and licence numbers, email and home addresses, dates of birth and telephone numbers.

About 7 million had their dates of birth, email addresses and phone numbers stolen.

The breach involves both current and former customers.

This is worrying.

22/9: Optus’s statement.

Mod 26/9: Whirlpool - Check Optus Customer API

Mobile Data Breach

Related Stores

Optus
Optus

Comments

      • Nebargains on 23/09/2022 - 10:48
        +3

        No but they would have access to the CRM so when you call up they can look you up etc. If you have access I imagine it wouldn't be difficult to then scrape customer details from said system with no db access. But who knows at this point.

        • RSmith on 23/09/2022 - 10:49

          That's correct, but it would be a very time consuming process.

  • Chocobros on 22/09/2022 - 16:35
    +11

    Just saw this and came to post on here. This should be shown to all of the ozbargain community considering how many probably bought optus deals recently (e.g. The tablet for free with data plan)

    • Deals For Days on 22/09/2022 - 17:38
      +1

      Silver lining on missing out on that deal, I suppose. Really concerning… with address and driver's licence number, an attacker could open a new bank account/line of credit in your name potentially couldn't they?

      • Chocobros on 22/09/2022 - 18:00

        I think if you've been with optus even much before you are at risk :(

        • chartparker on 22/09/2022 - 21:05
          +6

          What's really annoying is that I left Optus about 6 years ago and I kept asking them to delete my customer account since I kept getting emails telling me my account was like 60c in credit. Of course they never did/could so now I'm even more angry

    • [Deactivated] on 22/09/2022 - 19:53
      +6

      This should be shown to all of the ozbargain community considering how many probably bought optus deals recently

      Most people were in denial (are still in denial?) about the ShopBack breach. Sadly, the average OzBargain user doesn't seem to value their personal information and who has it. But saving 12 cents on a fidget spinner from a random shopfront in China? BOOM!

    • neonlight on 23/09/2022 - 16:51
      +1

      Lucky I skipped that deal

  • this is us on 22/09/2022 - 16:45
    +10

    The fake call centres overseas must be very happy today…

  • ECE on 22/09/2022 - 16:46
    +5

    Data is beautiful 😷

  • rmh876 on 22/09/2022 - 17:10
    +3

    If you get in touch through their app, they will tell you whether you were compromised… I was.

    They have added flash notes and if someone tries to change ownership they will be sent to store…. Unable to see which details have been leaked.

    • HardQuiz on 22/09/2022 - 17:40

      What about previous customers? How will they get notified?

      • freefall101 on 22/09/2022 - 19:06
        +2

        They were obviously storing a lot more data about previous customers than they should have been, so I’m pretty sure they’ll have a way to reach you.
        Or just ask the hackers who have doubtlessly used the mass of private data to figure out your current address and phone number.

      • T3J on 25/09/2022 - 17:27
        +1

        Honestly, I'm thinking we will get informed when we can look up our own data from the leak when its posted to https://haveibeenpwned.com/ As an ex Optus customer I expect I'm on the bottom of the bottom of the pile of their cares right now.

      • playswithfire on 26/09/2022 - 13:16

        Optus emailed my parents about it, who closed their accounts in 2018.

    • j4ck on 22/09/2022 - 17:41
      +1

      I just spoke to someone at Optus and they said they're evaluating each account and will contact you directly if you've been impacted.

      • Ocker on 22/09/2022 - 17:51
        +4

        At (say) 15 seconds to "evaluate" each account it will take over 4 man (person) years to check each of the 9 million compromised accounts

        • askbargain on 22/09/2022 - 18:17
          +7

          No way you’re that dumb to think they manually check each account.

          • Ocker on 22/09/2022 - 18:37

            @askbargain: Guess it all depends on what and how they are checking the accounts?

          • smartazz104 on 23/09/2022 - 13:44
            +1

            @askbargain: But Optus were dumb enough to have all this data compromised…

        • Switchblade88 on 22/09/2022 - 18:18
          +8

          Thank goodness there are eight or more people working in the call centre now. That'll cut down the checking time significantly

          • nobro25 on 22/09/2022 - 20:34
            +1

            @Switchblade88: If they're busy answering the calls then who's checking the accounts? 🤔

  • pharkurnell on 22/09/2022 - 17:29
    +4

    The more evreyones lives are all over the interwebs the more this will happen. its the future.

    • tharlow on 22/09/2022 - 23:31
      +2

      The stolen generation… pharkurnell. Oh well, better than the generation of people’s faces stuck to screens

  • Deals For Days on 22/09/2022 - 17:30
    +16

    I expect a class action out of this in the future. Such a huge number of affected people, and that's enough info to commit identity fraud.

    • Mozzmanau on 25/09/2022 - 18:45

      Let's hope so. And I hope they go broke. They shouldn't be holding on to customers data

      Optus fought against consumers right to have their data deleted from companies databases. They've obviously been holding on to customers data for some reason and this is the consequence of it.

      Here the article about it. https://www.news.com.au/technology/online/hacking/optus-oppo…

  • Vanceer on 22/09/2022 - 17:51
    +24

    …we want all of our customers to be aware of what has happened as soon as possible…

    Mfers, you have my phone number, why am I reading this on ozbargain first?

    • pharkurnell on 22/09/2022 - 18:27
      +1

      yea they have a few million people sittin round to call each user affected

      • Vanceer on 22/09/2022 - 18:53
        +8

        When they have good offers, they sms Optus customers with, they find a few million people to message us?

        • Miss B on 23/09/2022 - 21:19

          This would cause millions of people to call them still.

          • resisting the urge on 08/10/2022 - 14:31

            @Miss B: They could have planned for the day, or even better, planned to actually avoid the day, by reducing their attack surface, managing PII, adopting a more appropriate security posture… any number of things.

            But they didn't.

            And neither will the others (Telcos, Banks, etc).

            They will just store more of your data, and ask more questions before giving you access or answering a question. While allowing the hackers to update their databases at will…

      • corvusman on 23/09/2022 - 11:13

        Sms, emails?

      • smartazz104 on 23/09/2022 - 13:45

        Surely they can automate an sms…

        • pharkurnell on 23/09/2022 - 14:53

          who would take it serious?

          • ProlapsedHeinous on 25/09/2022 - 19:19

            @pharkurnell: It's not exactly hard to ask users to visit the optus site and click the yellow banner for more info. If people don't take it serious that's their problem but it's no excuse not to let people know.

            • pharkurnell on 25/09/2022 - 23:06

              @ProlapsedHeinous: how often do you and millions of others get emails saying click the link for _________ ? Old people suffer from that more than anyone.

              After it happened, yea send out an email - although Im surprised spam hasnt come through yet from fake Optus with dodgy links

  • Weezle on 22/09/2022 - 17:52
    +6

    I have been impacted.

    Best to put a block on credit file?

    • Chocobros on 22/09/2022 - 18:01
      +1

      if it were me then i would. Know someone personally who had their identity stolen and it was a massive headache to rectify. Better to prevent the problem than react later but maybe others with more experience will advise otherwise

      • Weezle on 22/09/2022 - 19:25
        +1

        Thanks. I did so

    • Worf on 22/09/2022 - 19:33
      +7

      How do you put a block on your credit file?

      • bazingaa on 22/09/2022 - 19:50
        +1

        I don't even have a credit file :/

        • nobro25 on 22/09/2022 - 20:35
          +9

          Don't worry the scammers will open a credit file for you by putting in a ton of Personal Loan applications.

          • bazingaa on 22/09/2022 - 20:38

            @nobro25: I have never used Optus, but I am worried about missus, she had a datasim in 2018

      • Weezle on 22/09/2022 - 21:51
        +3

        https://www.finder.com.au/credit-report-bans

        You need to do the ban with all 3 credit bureaus. Valid for 21 days.

        • resisting the urge on 08/10/2022 - 14:33

          Equifax, Experian and friends collect your credit data.

          And left themselves open to similar, and worse hacks in the past.

          Actually calling them and handing over more, or confirming what they have, is an identity risk in itself. Just so you can hope they will actually protect you, and not share your PII like drunken sailors.

    • ShouldIBuyIt on 22/09/2022 - 22:17
      +1

      Hey, how do you check if you're impacted?

      • Weezle on 22/09/2022 - 23:15

        Optus app live chat

        • El-Rhi on 23/09/2022 - 06:51
          +10

          Do they require your DOB, address, passport number, DL number to verify your identity?

        • pharkurnell on 23/09/2022 - 14:55
          +4

          Your place in the queue is 7,990,001

    • kiitos on 23/09/2022 - 11:51
      +1

      What does a block do? Does it risk making you appear to be a bad credit risk?

      • NigelTufnel on 23/09/2022 - 14:28
        +1

        Probably a lot less so than having your identity stolen and them applying for lines of credit…

    • Chocobros on 22/09/2022 - 18:11
      +3

      youtube has your driving licence and/or passport details?

      • baldur on 22/09/2022 - 18:15
        -8

        Sure you emailed the copy of them through Gmail once at some point of your life.

    • c64 on 22/09/2022 - 18:15
      +8

      the big deal is when you start experiencing identify theft

  • pandadude on 22/09/2022 - 18:20
    +1

    What is Singtel the parent company of Optus going to do about this?

    I reckon this wouldn't be a problem if the business used the same tech.

  • Cave Fire on 22/09/2022 - 18:26
    +4

    haveibeenpwned.com link if this is someone's first data breach. Found some old websites I had signed up like this. Also puts it into perspective, so you are less likely to freak out.

    • Switchblade88 on 22/09/2022 - 19:50
      +2

      Your link is broken - think you need https at the start for it to work as expected

      Try https://haveibeenpwned.com/

      • nephilim on 22/09/2022 - 22:43
        +1

        Mine is: 2017 Gmail hack (700mil emails and pass leaked), Patreon, R2Games (old cd key site)

        2017 Gmail hack lead to my Punkbuster ban, EA/Punkbuster refused to lift it, so never bought another BF PC game. Thanks Google.

    • prhino on 23/09/2022 - 05:08
      +6

      "puts it into perspective"

      It's unlikely many people have been impacted by a breach that includes their licence details and passport details prior to this.

      • Cave Fire on 23/09/2022 - 11:50

        Yeah it's more that these happen often these days. There's tips on the website to secure going forward. Scam watch and IDcare are also useful.

    • xdigger on 23/09/2022 - 15:04

      What if this website got hacked instead?

  • mrhugo on 22/09/2022 - 18:37
    +5

    Not surprised one bit.

    Optus are absolutely hopeless. Jaw dropping incompetence from management. Everyone just does things the "Optus way" which is another way of saying the most inefficient and cheapest way.

    Just my opinion.

  • OpenAI on 22/09/2022 - 19:09
    +3

    Fudge me I has like 50 optus sims throughout the years.

  • bazingaa on 22/09/2022 - 19:27
    +1

    omg! do you have any information about the duration of the breach for former customers? does this affect MVNO like Coles, Amaysim, Catch etc too ?

  • shutuptakemymoney101 on 22/09/2022 - 19:31
    +4

    Should see some good deals coming from Optus soon. lol

  • subydooby on 22/09/2022 - 19:43
    +2

    My friend who is with Optus and is very paranoid will be beside himself. But for everyone it’s another reason to protect your data and be wary of giving out your details…

    • prhino on 23/09/2022 - 05:09
      +1

      Yes, sim slutting increases your data footprint

  • m34nstav on 22/09/2022 - 19:51

    Anyone know if this only affects current customers, or people who also used to be Optus customers?

    Ported out of Optus 2 years ago, hoping my details weren't kept that long. Seems doubtful judging from the data leaked!

    • qwijibo on 22/09/2022 - 19:54
      +3

      Apparently it is also past customers - I don't know how long ago, but assume if you've ever been an optus customer, your details got leaked.

      • m34nstav on 22/09/2022 - 20:36

        Yeah that's what I thought initially. Now I have to remember what email and password I used for Optus and what details I actually gave them (ie. do they have my Drivers License details). What an absolute flustercuck!

    • m34nstav on 23/09/2022 - 12:39
      +2

      Just for those wondering, it was confirmed today current AND past customers are affected.

      https://www.news.com.au/technology/online/hacking/aussies-of…

  • TanTheMan on 22/09/2022 - 19:57
    +9

    If you are concerned about someone taking credit in your name, you can request a ban, more info https://www.oaic.gov.au/privacy/credit-reporting/fraud-and-y…

  • soggypotato on 22/09/2022 - 20:11
    +3

    that is one big fk up yikes

  • JonSteele on 22/09/2022 - 20:13

    Class Action? Previous breach was via Maurice BlackBurn.

    • shutuptakemymoney101 on 22/09/2022 - 20:19

      Don't you need to be able to prove a financial loss first?

      • JonSteele on 23/09/2022 - 19:49

        Unsure as they had the previous one on their site.

        https://www.mauriceblackburn.com.au/class-actions/join-a-cla…

        Optus obviously been cutting the $$$ out for saving purposes…. Can't have a ISP without Security via Obsecurity.

        See the previous one was a specific type of security breach, making silent numbers public.

        This time, they've made the details that are private open to a public attack. Hope to God it set's a standard in law if they follow this up.

  • Jammar on 22/09/2022 - 20:21
    +1

    I am in the queue for customer service. What's the first question I should ask ?

    • OpticalCog on 22/09/2022 - 20:27

      Some have been able to get info on wether or not they were impacted (what info). I just got told they weren't sure yet (super-reassuring….)

    • bazingaa on 22/09/2022 - 20:27

      am I in 2.8 mil set or 7 mil set ?

    • HardQuiz on 22/09/2022 - 22:08

      Does the breach include prepaid customers?

  • justgooddeals on 22/09/2022 - 20:57
    +6

    Knowing Optus all the customers information was saved on word document or excel spreadsheet with the password to open the document being “Suckers” or “password”.

  • Craze on 22/09/2022 - 21:32

    Ugh nothing on e-mail and wasn't expecting to know this through OzB. Shot CS a note on app messaging to see if they can confirm if mine got leaked but probably won't hear back till tomorrow.

  • Oblolza on 22/09/2022 - 23:32
    +1

    Is there actually anything we can do about this?

  • Look Up on 22/09/2022 - 23:34
    +5

    For NSW people, you can apply for a new drivers licence number:

    https://www.nsw.gov.au/driving-boating-and-transport/driver-…

    To apply for a new licence or customer number, you must:
    Report the theft or incident to police and obtain a Police Event or ReportCyber Receipt (CIRS) Number. Where a single event affects multiple customers, Transport for NSW may accept a Police event or CIRS number for all affected customers.

    Check the pages below to see if a common ReportCyber Receipt (CIRS) number has been issued, assuming Optus are self-reporting

    https://www.cyber.gov.au/acsc/view-all-content/news
    https://www.cyber.gov.au/acsc/view-all-content/alerts

    If not, get Optus to confirm if you've been hacked and if so, file a Police report to get the police event number

    • UrMumsOnlyFan on 23/09/2022 - 08:11
      +1

      However, a new licence number will not necessarily stop your previous licence number and associated licence details from being used for fraudulent activities. Unfortunately, Transport for NSW cannot prevent an external organisation from accepting your previous licence without checking its validity. 

      • lgacb08 on 23/09/2022 - 09:06

        This is just general disclaimer. If someone have physical copy of your own licence (or even a fake copy of your licence) and accept it as it is then of course tNSW can't do anything about it.

        • realfancyman on 25/09/2022 - 15:19
          +1

          Also some credit agencies keep a copy of your DL number, so businesses that verify your ID through a credit agency may accept your old DL number

  • OhNoUShiz on 23/09/2022 - 00:07
    +4

    No worries they will give us free Optus sport for a year to compensate us.

    • Heaps for Cheaps on 23/09/2022 - 18:35
      +2

      They told me they can give me 10% off any additional service I add to my account.

    • Clear on 23/09/2022 - 19:41
      +1

      Like that time Shopback gave $3 and all was forgiven.

  • Empharand on 23/09/2022 - 00:31
    +1

    Well done Optus, well done…
    Time to organise a credit freeze (and extensions if I can manage to get a report number from ACORN) to try and circumvent any fraudulent attempts at my credit.

    • FareEvader on 25/09/2022 - 21:38

      will a credit freeze have a negative impact on your credit file?

  • 82norm on 23/09/2022 - 08:09
    +2

    ServicesNSW we’re hacked sometime ago with more Crown Jewels data.

Login or Join to leave a comment
Login Join