Optus Data Breach - Identity Theft Protection

JoeBogan on 25/09/2022 - 17:59

Hey guys,

I'm one of the unfortunate ones to have been a victim of this data breach. This whole situation is absolutely messed up because they have my name, DOB and licence number… Basically everything you need to apply for credit, make changes to accounts etc.

I've looked at changing my licence number but they won't even entertain changing it UNTIL a crime has already been committed… Which is ridiculous.

Any one have any tips to make my accounts and phone number more secure?

I have already put a ban on my credit file with the big 3 agencies. Any help would be much appreciated TIA

General Discussion

Related Stores

Optus
Optus

Comments

  • 87percent on 25/09/2022 - 18:04

    Out of curiosity, what are the big 3 credit agencies?

    • JoeBogan on 25/09/2022 - 18:07
      +3

      Illion, Equifax and Experian.

    • reactor-au on 26/09/2022 - 09:56

      And what is a ban on a credit file?
      Mine data was leaked and I left Optus 2 years back.

      • JoeBogan on 26/09/2022 - 10:29
        +1

        Realistically it's a band-aid type solution. So by putting a ban on your credit file you can prevent anyone with your info from getting loans, credit cards etc .

        This initial ban is only for 21 days and then you can extend it by 12 months but it will obviously affect your ability from getting credit cards, loans, post paid mobile plans etc

      • HeWhoKnows on 26/09/2022 - 18:16
        +1

        "Mine data was leaked and I left Optus 2 years back."

        Thats terrible
        They are not supposed to retain your data after you leave them
        Thats a breach of privacy and a data breach in itself

        • Gervais fanboy on 26/09/2022 - 19:05

          I ported out about 18 months ago and I still got stuffed.
          I called them today and was told that someone will get back to me on this within 24-48 hours.

  • mbck on 25/09/2022 - 18:14
    +14

    F******optus

  • Hybroid on 25/09/2022 - 18:14
    +2

    I'm one of the unfortunate ones to have been a victim of this data breach.

    Were you informed of this by Optus? They said they would reach out to people but I haven't heard anything yet.

    • 87percent on 25/09/2022 - 18:16
      +3

      From what I read, the earlier you’re contacted, the more you’re screwed (in terms of the amount of data taken)

      • Gervais fanboy on 25/09/2022 - 19:36
        +3

        Screw me

        I got that email yesterday morning.I’m probably amongst the first few then.. FML

        • original15 on 25/09/2022 - 20:01
          +1

          Last night for me

          • BendBridge on 26/09/2022 - 08:51

            @original15: I am not an Optus cutomer. Just wondering what have been compromised. All the personal details, password, etc.?

            • original15 on 26/09/2022 - 09:24
              +1

              @BendBridge: What all the news articles and posts are saying
              Addresses names Passport or license emails phone numbers

    • apsilon on 25/09/2022 - 18:16
      +1

      Do they have any way to contact you? I've changed my email and mobile numbers since leaving them and got rid of the land line. Maybe they'll snail mail me but I doubt it. Likely they'll just email the old address on file and consider it done.

    • randomusername2017 on 25/09/2022 - 18:24
      +1

      Kelly didn't reach out to you personally to apologise?

      This email was sent by: Optus 1 Lyonpark Road Macquarie Park, NSW, 2113, Australia.
      THIS IS A SYSTEM GENERATED EMAIL. PLEASE DO NOT REPLY TO THIS MESSAGE

    • JoeBogan on 25/09/2022 - 18:45

      Yep recieved an email early this morning.

    • josh909 on 26/09/2022 - 07:53

      I was a former customer - moved about 18 months ago, still haven’t received a notification…

  • happydude on 25/09/2022 - 18:23
    +13

    It's a concern but I won't be loosing sleep over it. You aren't responsible for any debts someone else racks up in your name. It's just a hassle to prove it and get rid of it, but a stat dec is normally all they ask for. I have had 9 data breaches listed on HIBP and only ever 1 issue.

    Blocking with the Illion, Equifax and Experian is a good start for the moment. Getting free access to your credit reports is another:

    I use:
    * creditsimple.com.au (illion)
    * getcreditscore.com.au (Equifax)
    * clearscore.com.au (Experian)

    Keeping track of these is the best thing to do. Anything sus give them a call. Paying for monitoring seems excessive.

    I did see somewhere that the government will act this week. I would expect changes to the DVS which is though idmatch.gov.au where leaked data is flagged to require further identify checks. It is in the credit providers best interest to ensure that they are not being defrauded themselves and given the scale of this leak they will make a plan to address it. If someone racks up $50K of debt, that is their problem, and one they will want to avoid.

    I think people should take practical monitoring steps, but beyond that, don't let this stress you out.

    • happydude on 25/09/2022 - 18:42
      +2

      Sure enough, that is the plan. Ship the leaked info to the banks.

      The ABC has been told the first step to occur will be directing Optus to hand over customer data to the banks so financial institutions can upgrade security and monitor customers who’ve had their personal details stolen.

      https://www.abc.net.au/news/2022-09-25/new-security-measures…

  • Unorthodox on 25/09/2022 - 18:25
    +16

    Used to work in telco ops and financial services, my advice outside what you've done already

    Telco provider, ask for a public note on your account to require an in-person visit for any account changes or SIM swaps. Move your account away from Optus. Best to get a new number - if you have dual Sim then use a burner for all Google, banks etc

    Social media including LinkedIn, remove your details including any birthdays, personal emails, school you went to, any security question type info, likes/follows, your location etc

    Banks, consolidate and update all your account contact info so your email, address, new phone number etc is all up to date. You can also let you banking institution know and to have a note on file, update all your security questions.
    Also change your daily transfer limits.
    Check your expiry dates on all cards and make sure you receive the renewed one.

    Google account, MS account, Apple account, update to your new number and update security questions. Get rid of any security questions that could be tied to you - very easy to find maiden names, school, favourite author etc.

    Set up online VicRoads, etc account.

    Try set up online bills to your email only, reduce paper bills and stolen bills being used as ID.

    Also, these leakages are very common, I have so many stories and even cases where it's worse in terms of potential damage to individuals vs scale.
    Honestly, I'm pretty sure millions of Aussies have had their Medicare and even DL numbers compromised - it's more what they actually do with the data.

    Also, you should ask for Optus to reimburse you for at least 12 months with one of the reporting agencies. My details were possibly compromised back in the days with NAB due to their staff emailing IDs at branches and they were able to provide $500 to cover the cost of the reports etc.

    • JoeBogan on 25/09/2022 - 20:17
      +1

      Hey thanks for these tips! I normally wouldn't care much if it was financial information that was stolen, those can be changed. But things like DL number or passport are very hard to change and even after being changed, they can still use the old number to commit identity fraud.

    • ganchan on 26/09/2022 - 08:23
      +1

      Telco provider, ask for a public note on your account to require an in-person visit for any account changes or SIM swaps.

      I did this with Telstra when my ID was stolen.

      Three months later I found Telstra ignored the note and set up a duplicate profile in their CRM with my details.

      The only way I found out was a policeman contacting me to verify my ID was stolen and that I had nothing to do with a phone number set up in my name that was being used to harass a victim of crime.

      • Unorthodox on 26/09/2022 - 09:57
        +2

        Yeah unfortunately the vulnerability is human negligence or laziness.

        Modern systems and even the one Siebel would have prevented two duplicate post paid accounts but yes there were gaps such as prepaids not being automatically linked and Telstra running two separate CRMs at the time.

  • boomramada on 25/09/2022 - 18:37
    +1

    These bigger companies should comes up with alternative way to identify you other than name, DOB and licence number which is start to become old fashion.

    • Clear on 25/09/2022 - 18:42

      What would you propose? Social security number? Medicare already has an individual health identifier used for various services like eScripts.

    • ganchan on 26/09/2022 - 08:25

      Starting this month, the licence number needs to be coupled with the card number from most states to be used as valid ID, so that's kind of a plus. The licence number by itself is kind of useless without the card number, which you can change by getting a new licence card.

      Source: https://www.equifax.com.au/knowledge-hub/risk-solutions/faqs…

  • AndyC1 on 25/09/2022 - 19:51
    -8

    OP should read the original Optus thread posts.

    • JoeBogan on 25/09/2022 - 20:15
      +4

      This thread was specifically for tips on preventing identity fraud (if you can even). Only part of the original thread was for this purpose (after trawling through so many comments).

      And for the attention? Lol some people on here… Mate your comment is completely irrelevant to the topic.

  • cookie2 on 25/09/2022 - 20:48
    +1

    Identity theft is real

  • jv on 25/09/2022 - 22:43
    -2

    I've looked at changing my licence number

    Just change your name. It's easy as…

  • DemocracyManifest on 26/09/2022 - 08:06

    Even the australia post managed ‘digital id’ shares your data with whoever needs it and they claim not to be responsible for how they manage it haha, I assume that will change soon

  • eddieboy2 on 26/09/2022 - 08:54

    There are other companies that use the Optus network. Does anyone know if they are affected, or just Optus customers??

    • kittymtd on 26/09/2022 - 10:21

      It's just Optus customers and former Virgin customers seeing as Optus bought them out.

      • eddieboy2 on 26/09/2022 - 10:34

        Thank you :)

  • Kay Elle on 26/09/2022 - 11:13
    +2

    I got an email yesterday. I left Optus 4 years ago. I'm really annoyed about how easily Optus could've avoided this.

  • abovethelimit on 26/09/2022 - 15:36

    Optus has sent out an update offering a free year subscription to a credit monitoring/identity protection service for “most affected current and former customers whose information was compromised because of a cyberattack..about time. Twitter link here

  • loulou1 on 26/09/2022 - 16:18
    -1

    I could have sworn it was in this thread this morning there was a link where I could see what info was compromised of my own by mistake changing the client ID to my own.
    After thinking on it all day, how hard would it be for someone to put random numbers in that link and get the info of random people? It really is quite concerning how many people could potentially access that info, apart from those who already have it.

    • JoeBogan on 26/09/2022 - 16:28
      +1

      You need to be logged in to access that info, it doesn't work if you aren't logged in.

      • loulou1 on 26/09/2022 - 16:33
        -1

        Is that how the data was originally accessed though? And only in the recent days when they became aware of the problem that you now need to be logged in?
        If hackers that want a ransom got it that easily, how many others have also accessed it?

        • Ryanek on 26/09/2022 - 17:19
          +2

          Hackers accessed an open API that was not secured. It's since been shut down.

          • reactor-au on 28/09/2022 - 10:03

            @Ryanek: So crazy. I work in banking, just to move 1x app to the cloud, long packed meetings with info sec, risk officers, architects, engineers, data sec, project manager, developers, vendor engineers, vendor security, vendor risk, vendor project manager, vendor dev. And that's just moving JIRA on prem to cloud.
            Basic rule; authentication (identification, verification), encryption end to end (with private key).

            • Ryanek on 28/09/2022 - 10:14

              @reactor-au: Yeah it's crazy. I wouldn't be surprised if it was something like a pre-production code branch or something that was mistakenly made public.

              Someone lost their job for sure.

    • Ugly on 27/09/2022 - 21:52

      It was a link to a Whirlpool post
      https://whirlpool.net.au/wiki/optus_sept_2022_breach

  • miwahni on 26/09/2022 - 22:52

    I received email on Saturday night to say I was one of the unlucky ones. I've been busy changing my email address everywhere, and deleting any saved emails that related to banking etc. That way if I do somehow come to the attention of the hackers, and they manage to hack my stolen email address, at least they won't be led straight to my banks etc.
    It sucks though. I'm really disappointed that this could happen so easily.

  • floretlw on 27/09/2022 - 08:56

    Will changing name help in mitigating the risk of identity theft? Im seriously considering this option as i am losing sleep over this 😪

  • AS2035 on 27/09/2022 - 12:08
    +1

    Everyone who is with Optus has been affected in one way or the other and I do mean everyone

    • Gervais fanboy on 27/09/2022 - 12:26

      Yup, I can attest to that.
      And I thought I had the last laugh when I ported out early last year but Optus had other plans for me..

      • AS2035 on 28/09/2022 - 13:44
        +1

        now I just each time I get an sms or email from Optus

  • xdigger on 29/09/2022 - 13:53

    Why is the huge trove of data even needed in the first place for a $20/month phone plan?

    Optus is definitely negligent but may have been used by the media as an easy scapegoat when they were legally obliged to collect those information. The cynic in me thinks big data collected can be sold or used to turn Australia into a police surveillance state.

    https://www.sbs.com.au/news/article/why-human-rights-groups-…

    • 0 jingle 0 on 30/09/2022 - 16:52
      +1

      All the Telcos, eBay etc, all insist they are required by law to collect this information. If this is correct, Optus is definitely a scapegoat to prevent any responsibility or finger pointing higher up.

      Optus was hacked and is bearing the hate. But it could have been anyone and the outcome, with all this data out there in everyone’s accounts, would have been the same.

      Sadly, people just hand this information over no question, so nothing was going to change. If everyone refused then something would have been done already, since lack of customer means no business. Case in point, I questioned eBay wanting all this information when they made changes to accost a year ago, pointing out that they are the last ones I want to entrust to protect that data, and the consensus on the user groups was if you don’t want an account get lost. Like lemmings they all just comply. I bet they would all complain if it was eBay that got hacked

      • xdigger on 30/09/2022 - 17:18

        Yeah, if you switched the names Optus with Telstra it'll be the same reaction. The IT guys responsible switch around the different companies too. The issue is why are they not criminally negligible for their conduct?

        And why are the companies forced by laws to amass such data from us? Those surveillance laws are undemocratic and seems suited to a North Korea dictatorship but actually exists in Australia.

  • CauseNEffect on 26/10/2022 - 13:00

    Letters are being posted / received for those affected. Looks to be bad.. expect a lot of letters via aus post..

Login or Join to leave a comment
Login Join