I'm an Optus customer and likely moving to Telstra after this since they're not offering us anything to stay. Are you staying or going?
Optus Customers - Are You Staying or Leaving?
Related Stores
Comments
I think you could call them and request to delete your data after you leave, but it's all too late as it's already happened.
From what I read, Optus had an unauthenticated API endpoint in which anyone with basic programming skills could write a script to scrape every other customer's data.
If the above is true, I would wish for Optus and its related employees to be held accountable and given the harshest punishment possible by law.I have no idea how Australia's second largest telecom company would publish this mess into production that could be easily identified and fixed if they had any sort of basic pentesting or release process in place.
Chatted to them to have my registered data deleted. „Jamie“ on chat just apologised for the breach, avoided / didn’t understand my question and replied with pre written answers before ending the chat.
Great support as always OPTUS.There’s a reason why Telstra is returning to AUS based customer service centres.
Is that a thing in Australia though? I don't think there's a privacy/legal requirement for a company to delete your data if you request it here.
That's correct, but they are obliged to store it securely. Optus failed that obligation.
I signed up to Coles Online during lockdown, and was unhappy with their service. I asked them to delete my account 2 weeks later and this was their response:
Thank you for your email regarding deleting your Coles Online Account. We are unable to delete accounts for at least 7 years under the freedom of information act.
The irony of "freedom" being the thing that denies me the right to manage my own data online. Australian government gives no shits about privacy or consumer rights. They say they do, but in practice they don't.
It's not going to make the slightest bit of difference whether you stay or go, because tomorrow some other random organisation that holds all your details will suffer a data breach.
It's a systemic issue & solving it is not going to be easy.
The concern is for the level of details exposed. Phone, email, DoB, Hone address and f**k even DL/Passport details.
This is huge as all the info is there at once to assume one’s identity.
At least switching should tell ANY business to rethink about their architecture and randomise details wherever possible.Why all of details at once got shared without auth is beyond comprehension.
There is no "solving" it in terms of cyber security. It's a constant battle that is ever changing.
All you can do is protect your own data as much as possible, never rely on other people to protect your data for you.
Better policies at the federal level can ensure companies take it more seriously though. This can be done by enforcing certain encryption and authentication methods. Removing of old data. Massive fines for breaches etc..
I'm going to assume you don't have a background in cybersecurity.
It's just simply not as simple as that.
@Willy Beamish: It might not be as simple as that, but it definitely helps. I know the company I work for takes regulatory requirements seriously. The fines you can get in the US are a motivator for sure.
since they're not offering us anything to stay
So essentially you’re telling your personal data is worth the “anything” they would offer 😀
Knowing the Ozbargain crowd pretty well, most of those leaving and/or outraged will jump back on board as soon as there's a great deal on offer…cough shopback cough
Also as above, they already have your data anyway so leaving now (unless not happy with service/reception) is really pointless. And let's not kid ourselves thinking this won't happen to any other carrier or business.Whilst the data is out there, I don't think doing nothing about it personally is the right thing to do.
As painful as it is, I will be getting a new number with another telco, new email address and the likes to try an mitigate any potential issues that may come of this. The fact my mobile number and email address is linked to so many services/utilities/etc I will feel a little better to get a jump on this and close as many pathways as possible with the information I can actually change (email/mobile number).
We can only hope something like this won't happen on such a scale as the Optus leak that has occurred.
I'm not even a customer but I am still leaving because I am hoping that mass exodus may get me some deals, increase competition and lower profit margins, also this will be the best time to ensure data protection….after the breach. We like to play 4d chess.
I left 2 years ago, didn't prevent my data from being leaked
This is true.. Once ur data is in they won't delete coz u left. Wonder any lawsuit against Optus? Leaked dob and document ids are quite a big thing.
A few years ago I went to optus carlingford to sign up for a new plan and they forgot to return my DL and medicare after they ran a credit check. Then a few days later they called me saying the lost the photocopy of my ID and asking me to come back to the store so i told then to F OFF. Seems like optus staff has always been careless with customer data.
haha the same thing happened to me in Mandurah. They called me to come back straight away or they'll have to disconnect me.
I told them too bad. Still connected until a couple of days ago.
The amusing thing is by moving you are actually making yourself even more exposed. You're already screwed by Optus, you are just now giving Telstra who tend to be just as bad at managing things a chance to also compromise your data.
Having said that I had already moved and was one of the unlucky people whose data was compromised even though I am no longer with them, very pissed they kept it.
You can't really be any more exposed once the data is leaked.
Most people would have been with Telstra at some point.
Optus deserve to be boycotted.of course you can be more exposed, not complete details were leaked with Optus, always a chance Telstra will leak the extra data. However I do agree Optus deserve to be boycotted, I just doubt Telstra will be any more secure.
Well, my complete details were. As were millions of others.
@mactos: no, unless you are a special case your payment details and account passwords were not leaked.
@gromit: Payment details and account passwords are an easy fix though. We can change passwords, we can lock/cancel/hold payment details… But the fact our identification data such as Name, DOB, Address and D/L and/or Passport identification numbers were all part of the leak, these are things that are difficult to change (or frankly can't be changed) and should these end up in the wrong hands, could easily cause a lot more damage to many Australians.
@shiprekt: They are only an easy fix if you find out before they are used. If you trust places like Telstra and Optus to find out about this fast always you are kidding yourself. what's more payment details reveal more information about you that can be used for phishing or attacks on other systems, maybe you don't reuse passwords or pattterns, I don't either, but the majority of people do.
@shiprekt: I plan on changing my DOB. The administrative overhead will be painful, I admit, but I'm hoping the joy of dominating in under 12 sport will make up for it.
Actually, Telstra's Cyber Security team comprises some of the best in Australia and often works with others in industry and government. Not saying it isn't possible for Telstra to be breached, but Telstra actively invests in its cyber security infrastructure.
The Optus hack was due to an open API endpoint that allowed for customer data to be shared based on customer ID, which could be queried repeatedly.
This. Telstra has always taken the IT security of their systems very seriously. I don’t know how it can be suggested they’re anywhere close to Optus’ clear failings in this case.
Yes, they try to help. They sell "IT Security". But, meanwhile, Telstra's systems are very old, unsupported, out-dated and vulnerable. And, didn't a Telstra call centre in India sell/expose a lot of data a few years ago?
@Marty-69: I didn’t neg. Telstra has many, many systems but a very proactive security team. That includes records of access of customer data. Something Optus evidently didn’t bother with. As to vulnerable, please explain?
We have to pay out a phone we bought, then leaving.
Ask them that you are so unhappy about this whole saga. And that you want to leave out without any penalty. Tell them they can keep their phone/equipment. Be ready to surrender your phone.
They should let you go without a penny. If not, do mention that you would reach out to TIO.Based on the above - whilst you're talking to them, mention that you want to lodge a complaint and get the complaint number/ID.
You will need this when you go to TIO so just do it in advance to save another call.
Surely you all use your fake identities to sign up for your phone contracts?
Don't they require valid ID, etc in Australia these days?
They do.
Yeah so just use your fake identity you created
Doesnt it need to be verified when activating a prepaid service? It used to work with random numbers but not anymore
I signed up with them a few days before the breach was announced. I few days later I receiced an emailing saying as a previous customer, my information had been stolen.
My email also refers to me as a previous customer even though I am currently a customer (not for long!).
Can you break contract free
For those that are looking to depart Optus, who are you thinking of going with?
Boost prepaid
oi Telstra is getting some new customers
or Vodafone?
Hopefully Telstra shares go up. Thank you Optus, you have done a great service.
Blame Gladys.the whole market goes down
Purely waiting for the next JB-HIFITelstra port-in deal.
While getting a Telstra deal from JB, does JB also save your details additonal to Telstra?
Not sure but I do get a gift card!
Yeah, I've ported out my number and am in the process of transferring my internet from them too.
Although the data is already out there I think it's important that there are immediate financial costs to the breach so it provides stronger incentives to protect user data - both for Optus and other companies that are watching this.
I'll likely do whatever I can to avoid using their services in the future too. Particularly given Optus has actively lobbied against stronger consumer data protections in the past (link).
I have left. Signed up with Telstra I’m in the middle of my contract I don’t care. They breached my privacy and I will not pay them another cent. I’ve had to change my mobile number as well due to an influx of spam messages already.
If you left every company that had a data breach of some kind you would not be buying anything ever.
Happens all the time.
Not at this scale, and this much data.
Tell me one other company that has leaked your date of birth.
Left when Gladys Berejiklian, the former NSW Premier, who is still under investigation for corruption i might add, was given a role there.
I totally forgot about the old witch
The funny thing is that her role is basically the MD of the MDs.
Instead of the MDs previously reporting to the CEO they report to Gladys now lol. Such a stupid bs role, stupid bs corrupt politician.
She is in optus enterprise.
Not in consumer accounts
A few years ago you can open prepaid accounts by entering random names and Id numbers, this way you could keep your private data safe but now it has to get verified, this sucks unless if someone knows how to bypass it.
I got 4 service across 2 account numbers under my name. I like being with Optus and their service is pretty good so not going anywhere. Besides I see incompetance and lack of care everywhere in this country. I work for a medium sized business and from the crap I've seen where I'm working, this shitstorm could easily have happened to my company.
No use in judging others when you yourself probably couldn't have communicated/coded it any better. You judge a company in what actions they take in the next few month after the accident.
Already left …. overseas
Well it depends how much of your info was disclosed.
If it is the same as name, date of birth and address, which is the same info you tell the call centres in India when you call for support, it is the same level of risk as there is no policing those call centre staff who then sell your info after you hang up.
I am LEAVING! - I don't want to be part of this crap anymore. Is it worth it changing my name?
Return to monkey?
Your data is already gone if it is. What's the point of moving???
What’s the point of sending murders to jail? The people they killed are still going to be dead.
How many of us signed up to the Samsung tab 8 deal back in April/May?
I signed up for one but forgot if i used my passport or license or it.
Yea i can t remember ether. Wonder if we can exit earlier
How far back Customer wise is the data, is it if you ever were an Optus customer, or just current…
2017 onwards apparently.
I've been a customer since 1999, I'm not in the leak
For people asking "Why leave, the data is already leaked!?"
The answer is to send a message so that Optus and other companies fix their systems and policies to prevent the likelihood of this occurring in the future.For people asking "Are you going to boycott any company that has any data leak?"
I can count on one hand the number of private companies that have my licence info. Most breaches aren't big enough scale to convincingly steal someone's identity, this one is.I'm fairly sure I'll be leaving Optus, but torn between changing numbers or not. Between 2FA and updating contact info with every company I've dealt with for the last 15 years in the fear that I may need to deal with them again sometime, I'm pretty reluctant.
I'd be real upset if I lose access to some account that I forget to change 2FA for because I only use it once a year.But a mass boycott of Optus would have minimal impact because of what actually happened. The egregious act of opening their full database up to the internet without any access control is a huge breach of their own cybersecurity policies. It's actually also breaches the The Privacy Act, so it was a mistake that will likely have legal ramifications. Whoever was responsible for this or had any sort of overseeing or participation has definitely gotten the sack. They will likely implement tighter administration policies around enforcing their cybersecurity policies. So whether you stay or go, the internal reaction from Optus themselves will remain.
Also on another note, I wouldn't be surprised if there are multiple samples of this database in the hands of multiple entities. It was fully open on the internet, surely many other bots saw this and acquired some of its contents before Optus realised.
Yup, I am definitely going to move all my accounts to Optus now, because their cyber security will be super beefed up after this data breach.
Whoever you move to next will be just as likely to have a breach. No one ever knows how they will happen and it's always a vulnerability no one ever saw coming. More often than not, a human one.
Move if you want to send some sort of message, but expect it to happen to wherever you move to next and prepare for the fallout from the Optus breach and the next one.
That really depends on the company. As a consumer, you have no way to know.
Data breaches of this type and scale are relatively rare. My details have been leaked a few times, checking www.haveibeenpwned.com. This is the first time there is the first time where identity theft is a possibility. The scale of this data breach suggests incompetence or bad practice.
Anything can happen when it comes to cyber security. There's no way of knowing if it will happen to another company or if it's already happened and they haven't said anything or don't know about it.
Anything can happen when it comes to cyber security.
Anything can happen, but a responsible organisation will take steps to minimise risk. This breach is huge. There's no doubt that most online presences are being probed pretty much constantly for security vulnerabilities. Optus is as close to a worst-case scenario as you're likely to see.
There's no way of knowing if it will happen to another company…
Significant data breaches attract publicity. There's also haveibeenpwned.com. Sure it happens to smaller sites, but generally, that's less important especially if you're following good security practices such as not reusing passwords, etc.
Optus absolutely deserve to have customers jump ship to send a message. I strongly doubt you will see another breach of this scale anytime soon.
“Whoever you move to next will be just as likely to have a breach. No one ever knows how they will happen and it's always a vulnerability no one ever saw coming.”
The Optus breach was due to egregious practices that should have never been allowed to occur. It wasn’t some random unforeseen event that just happened.
You are doing a terrible job trying to convince people to stay with Optus.
Telstra and Vodfone would be super smart to come out with a port discount for all current optus users (in an ambiguous advertising strategy of course…). Biggest onboarding of customers ever.
Let's (profanity) 'em up https://www.slatergordon.com.au/class-actions/current-class-…
Dont know about anyone else, but I have grandfathered in Data Share sims on my account, if not for those I would have left immedately.
I'm also against what Optus has done and the steps that they took so far in response to this data breach
I tried phoning Optus to move out from my current plan which majority of us had hopped on the Samsung A8 deal. They said I've to pay the remaining of the device price without the device discount if I want to quit.
In short essentially I'm stuck with Optus until the contract ends (in 9 months).
I'm not a current customer for maybe 5 or so years and got the email. But I get an email every other month from companies saying their customer data has been hacked, breached, illegaly accessed, etc. Pretty sure I got one from plex like a few weeks ago. Obviously optus is a bigger company than plex here in Aus, but these data breaches have become semi regular that I'm a bit "meh whatever" when I get notified about it. I just assume my personal information is out there and nothing I give out online is secure.
Without a doubt, however, with proper practices, those breaches are largely inconsequential.
What is different about Optus is that they've leaked data that will allow identity theft. It's a shame that breaches are causing the "meh" attitude toward security.
The real security issue here is collecting the data online for every little thing and storing it indefinitely. A disaster waiting to happen.
It may be regular for you, but it may not be regular for others.
You should be extremely concern if you get this every other month. Hackers are smart. These days, hacked data from multiple sources are actually combined together to get a fuller picture of what sort of accounts you own. The more info about you is out there in the dark web, the easier it is for hackers to social engineer a hack in your name in the future.
It may be regular for you, but it may not be regular for others.
Any illusion that your personal data isn't already out there is an absolute sham. Optus customer or not
Not if you are young 16yo and just coming out into the world with your own accounts.
I'm waiting for the hacker to decide for me if I'm staying or leaving.
And how much money should remain in my bank accounts.Telstra servers i recall were in HK….therefore owned by CCP
was about to join optus for mobile but found I can still log into my old optus account and it still has my licence details and everything :(
even before this breach I have felt for for the first time in my life that my money in the bank wasn't safe from scammers due to the inadequate security measures from banks. SMS verification doesnt seem good enough for bank transfers now. I would prefer SMS and email codes.I want to leave but will not be able to get a similar plan to what I have thanks to a great Ozbargain deal from ages back.
Paying $40 with 120Gb data, unlimited calls and 4GB roaming with unlimited calls when overseas in Zone 1 countries.
Those grandfathered deals are so addictive… I'm on $50 for 80gb and 4gb roaming
As pissed off as I am, I can't get a better deal elsewhere. Maybe we should try get a discount on these already good contracts??Yeah, I have looked at everyone and cannot get anywhere near this deal, the roaming is the main advantage for me.
Got the tablet deal, has anyone successfully left without being charged the device fee? Cheaper for me to stay than be charged this fee. Don’t feel great about it, but I would be giving them more money if I cancel and pay the device fee.
I tried, no luck here either. The total device repayment for the A8 tab ends up cheaper if I stayed compared to if I pay it all upfront now
Im in this same boat. Better value to wait it out then to pay the device fee
Thanks