This was posted 2 years 2 months 25 days ago, and might be an out-dated deal.

Related
  • expired

[VIC] Free New VIC Drivers Licence for Optus Data Breach Customers @ VicRoads

5230

The website has been updated with the following information.

A dedicated form has been created for concerned customers to request to have their Victorian driver licence record flagged and protected on the Victorian and national licence databases and the Australian Government's document verification service. 

You can access the secure form here (External link).


Any Optus customer who is concerned about their licence information is recommended to contact VicRoads via the dedicated channels above to request to have their details flagged.

The Department of Transport and VicRoads are also committed to supporting impacted individuals who wish to have their licence replaced. This request will be validated against the Optus information once available. 

Further information on licence replacements is expected shortly. In the interim, please do not use the usual replacement licence services.

Victims of the attack can refer to the advice of experts including:

Victorian Government organisations impacted by a cyber incident must report it to the Victorian Government Cyber Incident Response Service.

Mod note: The start time for a free Driver's License replacement offer is yet to be determined, and according to the site, "The Department of Transport and VicRoads are currently working through a process to support an anticipated high-volume of requests.".

Do not request a license replacement until further announcements are made.

Optus media release updates on the cyberattack

See Also: Driver License replacements for other states.

QLD, SA, VIC, TAS, WA, NSW, NT

Related Stores

VicRoads
VicRoads
Optus
Optus

closed Comments

  • +2

    Received email from Optus saying

    No financial information or passwords have been accessed. The information which has been exposed is a combination of your name, date of birth, email, phone number and/or address associated with your former account. No ID document numbers or details have been affected.

    How can be 100% sure that driving licence has not been exposed?

    • +3

      It's pretty clear that at this stage Optus has lost all credibility, much like Vodafail back in the days, what a gift to Telstra lol.

    • Interesting that yours say No ID document numbers or details have been affected.

      Mine specifically said that they were.

      • There is supposedly different subsets of customer data leaked, one had their ID leaked and one did not; both subsets would've at least had their contact details breached however.

    • +1

      @Sidor, I’m exactly on the same boat and do not trust what Optus are saying, especially since they didn’t mention Medicare numbers were affected until later as details were dropped online forcing them to admit they are included in the data breach

  • For anyone who's been notified by Optus, did they notify via email or text? (I see poster above got an email, but was this the "you were breached" notification?)

    Just have an Optus sim I don't use anymore, somewhere.

    • +2

      Email

      • +1

        I have 2 accounts, 2 different emails, both my emails are visible via the WP API search methods and still not a single email. Sigh.

        • Maybe still possible your data wasn't accessed.

          • @McFly: Wouldn't trust Optus even if they said that was the case.

            • @Typical16-bitEnjoyer: I don't have an email record of actually signing up to any Optus plan.

              All I know is that sometime in 2019, I ordered a free starter pack from their website. I never activated it. Yet, I am being told:

              During further analysis as part of our ongoing investigation, we can confirm that the licence number on your Driver Licence was exposed. Please note, only the licence number has been exposed and not a copy of your Photo ID.

              How do I actually get in touch with these clowns? I waited more than an hour on hold waiting to speak to one theirs "experts", and the call just disconnected. FFS!

  • +4

    Is it free to change my date of birth too?

    • +10

      Can confirm that all impacted by Optus publicly posting their personal information will be given a new 2022 DOB. Unfortunately, that means you will not be 18 until 2040. Optus apologises for any inconvenience that may cause.

      Importantly, your Optus password was not compromised.

      • Can I change my gender too?

  • Can I assume this did not impact telcos that use Optus network?

  • Apart from the many good points raised in this thread, if the potential damage is limited to 10,000 customers or former customers, will be interesting to see what the company offers in terms of recompense. Two years complimentary NBN access would be a good start…

  • Being in IT this is a nightmare scenario… Pii data of this level being leaked… What a disaster!

  • +1

    "Just heard Dept of Transport on radio saying nah - licences won’t be reissued in Vic till a methodical process is gone through. You can “put a red flag” on it

    Bit different to what #springst journos were told last night. And to what’s happening in other states."
    https://twitter.com/heidimur/status/1574899661206265856

  • +1

    I called VicRoads this morning to get my license replaced. I was told there's no need to call in - you just need to fill out this form:
    https://www.vic.gov.au/victorian-drivers-licence-record-flag…

    Once submitted, I got the following message:

    Thank you. VicRoads will flag your record on the licensing register, and you will receive confirmation via your preferred method of communication. This will also provide information on how to change your licence should you wish.

    Given the anticipated volume of requests, we expect that this may take some time. We ask you to be patient and request that you do not call us to follow-up on the request.

    • They won't be replacing your licence yet (see my comment above)

      • Yeah that's consistent with the message you get when you submit the form.

        Thank you. VicRoads will flag your record on the licensing register, and you will receive confirmation via your preferred method of communication. This will also provide information on how to change your licence should you wish.

        Given the anticipated volume of requests, we expect that this may take some time. We ask you to be patient and request that you do not call us to follow-up on the request.

  • +1

    If you get a new licence does it expiry restart again?

    • Previous comments say same expiry date, but new licence #

    • The procedure in the past for ID compromise was just a new number, same expiry, and same everything for a lost license. Because the expiry is based on a fee paid, not just a 'time since issued' there's no reason for them to restart expiry, that would cost the government $$$ they still want you to pay. If you get a license with multiple classes each can have a different expiry.

  • Following… I got email from Optus saying none of my IDs was exposed. However, I dont trust them one bit. Their email opening is "hi there"…..

  • News reporting this morning that VicRoads are refusing to do this and sending people away…

    One office told dozens of people in the queue that they will not do it and government is just chest-beating.

    • Sounds like those people are jumping the gun and not processing the details of the announcement before bothering the VicRoads staff about it. All it is at the moment is to fill out a form to have your licence "flagged"; no replacements are happening at this point in time. From what I gather, VicRoads will provide further information on replacements some time down the line once they've confirmed who is impacted.

    • It does say right in the main post that the process isn't ready to go yet…

  • +1

    It's ok, VicRoads gonna just raise vehicle registration costs 15% next year to cover these costs…

    • +1

      Lol probably. My cousin lives in St Louis in the states and when I told him the amount we pay for rego, he didn't believe me (he pays around 59-70 usd, can't remember the exact figure but crazy when compared to how we get screwed for rego here).

  • damn. email i got from optus says only my personal details (name, dob, address, email) have been leaked but not my ID so i am not eligible

    • +3

      so just change your "(name, dob, address, email)"

      Problem solved…

    • +1

      Oh no, how terrible - you've had less data leaked!

  • +1

    I got an sms from Optus this morning with one time passcode to change my account details. I didn't request any changes to my account so obviously someone else has been trying to access it. Time to stay vigilant!

  • I am no longer an Optus customer, but still receive an email from Optus telling me that my information has been exposed, do I need to change my driver license?

    • Yes, because you may have had your licence and/ or passport number exposed that they had on your account even if it's not an active account.

      • You don't even know what their email said.

  • My licence expires mid next year anyway. Would be nice if this isn't just a new number but may as well be able to renew the whole thing early.

  • +1

    I got a question: if I fill the form and request flagging my license, would this affect a police check or a home loan?

  • The process to report identify theft is PITA. I didn't do it for my passport, like I'm gonna do it for a drivers license 🤣

  • It's $195 to change your name at ​the Registry of Births, Deaths and Marriages. But I'm not sure if Optus will be covering the cost. Will be a bit of a hassle though.

    • 8 million name changes incoming?

      • What if the new name was already leaked?

  • +2

    Here's a question. Why is Optus and presumably other companies allowed to keep my personal she I.d info indefinitely after I cancel my service?

    • Because there is no law in Australia that gives consumers the right to request their data be deleted. That's for normal businesses, shopping websites etc.

      For telecommunications, they are required to hang on to your data for at least 2 years (it may be longer I can't recall). But they are meant to properly secure it, otherwise they get a slap on wrist which apparently stings for a few seconds.

  • I’m currently on a cruise and have no data on board, so I’m just finding out about this now. Does this effect Amaysim customers. Thanks

    • +2

      Does not affect Amaysim customers, only those that dealt with Optus directly within the last 7 years (Give or take)

      • -1

        Thanks 😊

      • Which includes their Gomo brand, sadly. As I found out today.

  • +1

    Changing the number won't make a difference until they implement a system to revoke the old number from being used. All Vicroads documentation currently states nothing stops a third party from accepting your old license number.

    Such a mess.

    • If the number changes, why would the old number still work? Where did you get that idea from?

      • +2

        https://www.vicroads.vic.gov.au/-/media/files/formsandpublic…

        Quote from above document:
        "VicRoads is unable to prevent other organisations from accepting previous licence information."

        • +1

          "Accepting" is the key word. I take that to mean ANY made up number could be accepted if they never bother verifying it with VicRoads.

          It makes no sense that the previous number would successfully be validated by VicRoads. I think VicRoads are just saying "your previous number, even though invalid, may be accepted". Kind of like how you could make a fake ID and show it to the bouncer to get in the club. VicRoads have no way of stopping that either.

          • @cerealJay: "I take that to mean ANY made up number could be accepted if they never bother verifying it with VicRoads"…

            Without clarification from Vicroads, you are guessing.
            Why would they be specifically calling that out?

            • +1

              @DiSTURBED-oNE: Organisations can compare online the customer's identifying information with government records or the originating document issuer. That process will be either validated or declined.

              An old license number will be declined. I'm no expert, but it's done via services as described here: https://www.idmatch.gov.au/faqs

              If the company never bothers to validate, then the fraudster is relying on your other details like date of birth, home address etc to get signed up.

              To be clear, this license change initiative is not solving the whole problem, it plugs an important hole though. Our date of birth and home addresses are leaked, and may still lead to fraud.

              • @cerealJay: I am not as concerned about the address, DOB etc.
                That information can be found elsewhere without much effort (social networking, directory listing etc).

                Drivers License Number, Passport Number and Medicare number are considered Catagory A.
                They are held in higher regard in terms of asserting your identity.

                They are also much harder to change if stolen or compromised (which should not be the case!).

                "Organisations can compare online the customer's identifying information with government records or the originating document issuer. That process will be either validated or declined."

                This is good news and I hope that the old number does decline.
                What I really want is that in writing from Vicroads, as I cannot find that anywhere.

                • @DiSTURBED-oNE: The point is that the old number will only decline if the company is validating it through the validation systems.

                  So you won't be able to use the leaked number to open a bank loan for example, because the bank will try to validate the number and it will fail.

                  But if someone hires a car for example, and the hire company does not bother to validate the number, then of course they will accept it - there's nothing VicRoads can do to stop this, which is why they point that out.

                  (Obviously if anyone accepts a driver licence number without validating it, then that is dumb. But it is a thing.)

  • So they actually stepped up and did something. I've completed the form, and this is a good start.

    Good idea to first offer the flagging and protection of licenses. Then can process license changes in orderly manner.

    I like how VicRoads mention that the form uses Drupal and data stored on Azure! LOL, not necessary to share that much information! But I get they're trying to be transparent and show they've put effort into securing the data, unlike Optus.

    • +1

      Sharing the recipe for next attack !! Imagine if vicroads gets hacked

      • -1

        The average sole trader Wordpress site would be more secure than what Optus did in this instance. I'm not worried about VicRoads security, I just thought it was funny how they mentioned the form's backend technology. It doesn't expose anything dangerous by mentioning it. It's no doubt locked up tight. I filled it the form straight away without hesitation, as anyone else in this breach should do.

  • Do they take a new photo? I like my current licence photo because I haven't aged in it. They reused my old photo during covid.

  • +1

    How about a free new house for Optus Data Breach Customers as their addresses are still hovering over dark web.

  • Sorry if it's been asked but what if you were a customer in the past and can no longer login to the website since it was from years ago?
    I assume Optus would retain all personal user info for silly reasons and it may still have been leaked?
    I didn't receive an email but I probably also no longer have the email address that was used years ago? I don't know but I do know I was an Optus customer at some point.

    • If you still know your email address this is what I did:

      • Requested a password reset via email.
      • Changed my password.
      • Logged into website (i got a popup blocking everything saying i no longer have any accounts).

      Then clicked the links in the link below (as mentioned by @brotherfranciz earlier in thread):

      The links still work, even if the website blocks you from accessing any details as a former customer.

  • What if you no longer have access to an old email that was once used to on Optus?

    • That's what I'm worried about.
      The only way I can think of is to illegally obtain the leaked data and search for your drivers license in it.

  • FYI - ACT information is here: https://www.accesscanberra.act.gov.au/s/article/Information-…

    Short answer - you'll get a new license (with a new card number but not a new licence number) if both the licence number and card number have been compromised. Optus will reimburse the $42.60 cost. If only one field is compromised, no new card is required. You can still request a new card (with a new card number but not license number) and pay the $42.60 yourself. Either way - no new license number - it stays with you for life.

  • +1

    Dan Andrews said today that the government will foot the bill for any licence replacements as a result of the Optus data breach and Optus are asked to pay them back but doubts they will

    So essentially our tax payer money is paying for our own licence replacements while Optus are kindly asked to pay the government but aren't expected to, meanwhile Optus get a slap on the wrist - Brilliant!!!

    • Optus will credit your account with the fee

      • +1

        That helps if you are still a customer :) - I haven't been a customer for at least 4 years and my licence was exposed!

      • +1

        I think an Optus account credit is a kick in the teeth for Optus customers that would like to cease using Optus immediately

    • They don't have much choice really, the federal law in this instance would be really weak. Hopefully this expenditure encourages states etc to move away from static numbers as an identifier. Ideally you should generate a new number digitally for each time you have to give it over, that would make it impossible to be stolen as it would only be valid for one use.

      • or encrypt the personal information you stupidly store indefinitely?

        • In this case the data was pulled via an API.

          Encryption wouldn't help if the API was decrypting the data on request…

  • Optus will give credit for replacing license.

    Response from Optus via Optus chat:
    “regarding your Drivers Licence . We’ve been working closely with your state government. We’ll be in touch with specific guidance over the coming days if we consider there is a need to change your driver’s licence details. When we get in touch, we’ll place a credit on your account to cover the replacement cost, if any. We’ll do this automatically, so you will not need to contact us.

    If you don’t hear from us, it means that your driver’s licence doesn’t need to be changed. You can refer to your state’s official statement for more information.”

    • +1

      Lol they would love to just give credit for former customers instead of paying actual cost. Penny pinching at every turn.

  • I wonder if VicRoads will force you to fill in a paper form and snail mail it to their office in Kew along with a statutory declaration and signed police statement. That was the process in 2019 when my licence was stolen and used to order a bunch of iPhones (ironically from Optus).

    • I expect due to the scale they're going to get the proof direct from Optus.

  • Anyone here signed up for the free Samsung A8 deal?
    I haven't received any notification.
    Also, aren't Amaysim customers affected by this?

    • Got A8 deal. No notification from Optus here.

    • Order got cancelled, details were stolen. Including ID

    • That was a heck of a deal!?!

    • In the same boat. Got A8 and only signed up with them because of it. Now DL number is leaked confirmed by their text message.

  • Anyone changed theirs recently? Hows the queue in the city? Asking for a friend.

  • +2

    Guessing I'm not the only one here, but the only reason I got caught up in this crap, is from that stupid tablet deal from April
    https://www.ozbargain.com.au/node/696220

    And I never even got the darn thing! Order was cancelled.

    Have not been a customer in over a decade otherwise & due to that tablet debacle, was never going to ever be a customer! <face-palm>

  • LEGAL Class Action / Class action is a type of legal proceeding in which one person (the plaintiff or applicant) brings a claim on behalf of a wider group of people

    Time and car expense to get to Transport office / wasted time in line/ return trip / license fee = approx $200 per customer credited on Optus bill

    Easy for them and for victim Lemon to Lemonade

    This way they will pay professionals to keep data secure and not skimp on security

    A-boy 1 hour 23 min ago
    My friend who works in talco advised me not to accept this offer, once u accept, u may not b eligible for any class action payment by govt in future.

  • +1

    Let us look at this another way.

    Drivers Licence and Passports no longer provide proof of identity. If any bank or other institution tries to claim you have done something because they have identified you thru Drivers Licence or Passport then they are now on shaky ground. It is the banks and other institutions that use this now invalid form of ID that should be worried not you.

    • +1

      That's a reasonable comment but how much does this hold up against some knob who has taken out 45k$ in your name and run off with it?

      • +1

        Bank gave it to the wrong person. Bank knowingly failed to correctly ID the person to whom they gave said $45K

        • …this doesn't help you one bit when the debt collectors arrive at your door looking for the $45K.

  • -1

    So is this even a deal given there are still no details whether or not we can change our license number? A lot of upvotes for sth so vague.

  • It's only changing the card number, wouldn't you want the license number changed as well since most companies that ask for a DL only requires the license number not the card number?

  • So, uhhh, guess we're just giving the criminals a chance to use our details while they're still valid? Could they possibly move any slower with this?

    • newsfeeds popping up about scams (super withdrawals) not helping either

  • Are we have to go there for them to take photo or they will use the old one in the system?

  • do u reckon alot of people, who doesn't really follow the news, or ozb, actually would bother changing their driver's license or passport? Seems half is just a publicity grab and headliners from newspapers, and chance for every other joe to put in their 2 cents on the matter. Overhyped.

  • +6

    Received text message from Optus saying:

    Cyberattack update: Confirming only the licence number on your Driver Licence was exposed, not the card number. Your State or Territory government will provide advice on any action that you may need to take via their website.

    I'm not impressed with the word 'ONLY'. Also to pass the bucket to State is shameless.

Login or Join to leave a comment