Why The Absolute Urgency to Change Drivers Licence Details Due to Optus Data Breach?

RockyRaccoon on 29/09/2022 - 10:28
Last edited 05/10/2022 - 12:20 by 1 other user

Would someone kindly tell us why, we have to panic and change our drivers licence, right now, rather than wait a few days to see if, our details were released?

How can a scammer, or one of these so called bad actors use this information in the next few days to compromise what?

I understand that they could try to get access to my banking details, which over time they could do, then with my drivers licence, maybe get access to the account by using some story to have the bank give them access. But would that be that easy to do and how fast, like finding out which bank I am with, the bank account number etc

I can’t see them ringing various banks saying, they have forgotten my password, my account number etc but they do have their (my) drivers licence details if that helps…. Then even after all that it’s one of my zero balance accounts…

Btw this doesn’t mean Optus can escape the wrath I or others have for their stupidity, I just can’t see how it’s of that much instant urgency, other than it makes for great headlines for click bait by all forms of media.

A discussion and thoughts from many of the wiser heads here, might help us all understand the risks and timelines. Maybe a bad ozbargain actor or two might even contribute. 😀

** 5 Oct ** For those still interested: Got latest sms today from Optus, which was further to an SMS saying only my license number in NSW was leaked. Of use to those in NSW not elsewhere.

Cyberattack follow up: Further to our communications on Sunday we wish to confirm that NSW uses a national Document Verification Service (DVS) that means both your driver licence number and card number are required to verify your identity. Therefore, NSW Gov advises you do not need to replace your Driver Licence. Visit Optus website for details.

General Discussion

Related Stores

Optus
Optus

Comments

  • Xistn on 29/09/2022 - 10:29
    +24

    Identity theft is brutal to sort.

    • RockyRaccoon on 29/09/2022 - 10:36
      +1

      I accept that. So are you saying just because someone has my license details they can assume my identity. Wouldn’t they need much more than this. Would you care to enlighten us more with your wisdom. That will help more than just this dummy😀

      • Xistn on 29/09/2022 - 10:37

        see below comment.

      • Typical16-bitEnjoyer on 29/09/2022 - 10:41
        +18

        They probably won't bother trying to access your existing accounts. Details could be used to create new accounts, credit cards, obtain finance, interest free etc. Absolute b*$%h to resolve.

        • 7ekn00 on 29/09/2022 - 11:59
          +5

          New credit, you go to get a new home loan / car loan / credit card and get told the 7 you already have is enough ;)

  • Xistn on 29/09/2022 - 10:34
    +10

    Imagine 20 Credit cards taken out in your name and maxed out…

    • RockyRaccoon on 29/09/2022 - 10:38
      +3

      Ok now thats helping to understand this, but how do they get those cards, mailed to an address separate from the identity of the licence? Not trying to be difficulty, just trying to understand how it can be done. Thanks

      • Xistn on 29/09/2022 - 10:39
        +4

        Just like when you order that bargain macpac jacket, you have a billing address and a postal address.

        • RockyRaccoon on 29/09/2022 - 10:45

          Maybe it’s been a long time, since I have made a credit card application, but I thought the asked for more than just a drivers license and Medicare card, like any other cards you have, loans etc, which if not answered correctly should raise flags.

          Again, your wisdom would assist all here.

          • Sleeqb7 on 29/09/2022 - 12:40
            +3

            @RockyRaccoon: It depends on the source of the card or the loan.
            Not all loaners are banks and thus not all loaners are required to fulfil their strict identity requirements.

          • FirstWizard on 29/09/2022 - 13:15
            +1

            @RockyRaccoon: You even can go to one of those free credit report company websites with the ID number and get a list of all credit cards/loans you have with limits of those cards and when you last paid the bill etc.

  • Quantumcat on 29/09/2022 - 10:36
    +9

    Please Google "what is identity theft" to understand what the issue is.

    Let me help

  • capslock on 29/09/2022 - 10:38
    +1

    Some people just want to get it out of the way and have peace of mind I suppose. I'll wait a few days to do mine. I agree that it is highly unlikely a thief will take out a loan in your name in the next few days.

    • RockyRaccoon on 29/09/2022 - 10:40
      +1

      Exactly my thoughts, but wanted to understand in case I was missing something, plus at this stage I don’t know yet from Optus if I am one of the worst breeched.

      That said I don’t want to be foolish, and I thought sharing here would help others as well. Thanks

    • yoquierotaco on 29/09/2022 - 13:55
      +3

      the chance for each individual person may be low since we are talking about 10 million. But someone will get screwed and you don't want it to be you. Also, if the data has been sold, someone can easily write some code to batch all of this. I would definitely be worried if I was one of the 10,200 that was leaked. But in general, everyone should act like their data was leaked and do a credit ban.

      And as others have said, people in other countries basically spend all day doing this as their normal job. They are very creative and a lot of companies have horrible security etiquette (not just IT, but customer rep has not been trained to do proper checks or the process has not been set up correctly). The devastation that you may experience is pretty horrible if you read any of the stories online.

  • FSTB on 29/09/2022 - 10:46
    +16

    Existing accounts shouldn't be your concern.

    With your name, address, DOB and ID, I can open a series of new bank accounts. Once the new bank accounts are opened go to every pay day lender and take out loans using your ID with the cash being deposited into the new bank accounts. I'll leave the rest up to your imagination.

    All of this can be done from outside Australia with the likelihood of being caught extremely low. There's literally boiler rooms in third world countries that do this 24/7.

    On the site where the data is being sold, there was multiple people lining up to buy the data if Optus didn't pay the ransom that were willing to fork out $1M. That's how valuable it is.

  • Benoffie on 29/09/2022 - 11:04
    +13

    Had a close relative suffer identity theft. Didnt know until they lodged their tax return and the ATO got in touch over apparent undeclared income in the millions.

    Tooks nearly 5 years to resolve. They were in financial purgatory that entire time and it forced the sale of the family home to remain liquid during the course of the investigation.

    • meong on 29/09/2022 - 11:20

      wow…

      was there even any compensation for obvious the loss of opportunity, appreciation of assets due to selling the property?

      • Benoffie on 29/09/2022 - 12:58
        +7

        Nup, nothing. Not even a sorry for the essentially frozen life during the period.

        The feeling of being a criminal when you've done nothing wrong is unnerving. It was like that family aged 20 years in 5 - hell on earth.

        • meong on 29/09/2022 - 15:33
          +4

          I really hope there are more media coverage for this.

          I myself knew someone who was affected by identity theft too albeit in a much smaller scale.

          She only had a casual job and had to miss her shifts (and loss of income) to attend interviews with ATO. She eventually broke down over the phone as she was already struggling financially in which then ATO eventually agreed on maintaining correspondence via email instead of requiring her to come to the ATO building all the time.

          • Lastchancetosee on 30/09/2022 - 10:50
            +2

            @meong: That's disgraceful bullying by the ATO. Surely after an initial interview to establish identity, etc., the rest could be done by phone or email. Email is better for her, too, to have everything in writing rather than unverifiable conversations behind closed doors.

            • meong on 30/09/2022 - 12:57

              @Lastchancetosee: yeah that was back then though (more than 10 years ago) when everything will require you to come to the office for various government services…

              the process should have improved by now but still unnaceptable how they didn't bother about providing some sort of compensation…

  • Fredfloresjr on 29/09/2022 - 11:13
    +3

    Back in the days were nokia n90 and first Playstation portable was released, my mother's (who lives is US) personal information such as DOB, gov ID and address with post code were used to generate credit card from a bank 10000km away where she lives and used to purchase dozen of Nokia n90 and PSP via Ebay.hk. She only found out when she received snail mail about the purchases.

  • junet on 29/09/2022 - 11:15
    +3

    Even if you get a new license number the hackers can continue to use the old number to take credit out. The old number doesn't get cancelled or become invalid does it? Getting a new license number doesn't solve anything.

    Here's the statement from VicRoads - A new licence number will help separate you from future fraudulent activity that may occur on your previous licence
    details however it will not necessarily stop your old licence details being used. VicRoads is unable to prevent other organisations from accepting previous licence information.

    • SirFlibbled on 29/09/2022 - 11:21
      +3

      Which is interesting as the old number should no longer verify through the DVS if it has been replaced. That's probably something the Vic Government should consider fixing.

      • junet on 29/09/2022 - 12:13

        I think your credit file is linked to your licence number. So if you licence is cancelled would the credit businesses know to deactive the credit file? What happens if you get a new number do you need to build a credit history all over again?

        All i've done is put a ban on my credit file for 21 days. Not sure the implications of a new licence number.

        • Trekky on 30/09/2022 - 08:30
          +1

          How do you put a ban on your credit file?

        • SirFlibbled on 30/09/2022 - 09:30

          I used to work in the sector (not for the last 10 years or so) and they used to work off name and DOB. Which causes a lot of issues for statistical twins (people with the same name born on the same day which happens more often than you think).

      • yoquierotaco on 29/09/2022 - 14:01

        Yea agree, any identity check should be looking for the new number as the old number should have been removed from DVS.

        Maybe VicRoads is just trying to protect themselves because they know their system is crap. They should really fix this if this is the case.

  • GordonD on 29/09/2022 - 11:21
    +1

    OP, we all saw what happened when covid lockdowns were announced. People rushed to supermarkets and bought out all the stock of toilet paper. Its the same mentality, and possibly even the same people, who are rushing to change their licences, even if they haven't been told they've had their personal info stolen, and probably in the case of a lot of them don't use Optus.

    We laugh at them, but when the end of civilisation comes, they'll have all the toilet paper. And in the meanwhile if the Optus hacker hasn't deleted his files, they can be sure their identity won't get stolen.

  • trustnoone on 29/09/2022 - 11:23
    +2

    Its probably best to look at it like a risk & issue matrix, but if you look at your data being used nefariously you could say it might have a high impact, but a moderate to low likeliness right now from what we know. With that likeliness increasing over time until you do get your information changed.

    Is it ultimately super urgent right now? Maybe not, for many Optus and Gov agents are still reacting to whats happening that it may actually be harder or more difficult to change licence details. You might even get a more thorough change with appropriate checks in place if you wait for these places to mature. But again, until you change your info your risk still exists (and can increase over time, esp if you're part of the first 10,000).

    If you're free, or have it as your priority, may as well get it changed, may as well update it. I certainly wouldn't wait too long especially if you've been directly contacted by Optus. But I do think some are reacting rapidly when it may be okay at least for a short while (though that won't be helpful if someone starts doing things with your details!).

    • Benoffie on 29/09/2022 - 13:06
      +8

      People do need to pay attention to the email that was sent from Optus.

      Optus changed their systems back in 2017 (ish) (from a mish mash of systems to Amdocs). The credit checks performed prior to that didn't collect D/Ls or passports (or if they didn't they weren't transferred to the Amdocs system) and therefore, many long term Optus customers shouldn't have an issue with their D/L. Email and other personal information - obviously a problem.

      However, if you are a new Optus customer (joined and had a credit check post 2017), you're likely to have had D/L, passport or Medicare information taken.

  • Flying Ace on 29/09/2022 - 11:31
    +6

    Identity theft is not a joke, Jim! Millions of families suffer every year!

  • Sleeqb7 on 29/09/2022 - 12:44
    +1

    In addition to what other commenters have said;
    10200 names were released. The vast majority of Optus customers who were affected by the hack did not know where these details were posted or how to look for them, thus, they're covering themselves against the risk that they're part of that list and potentially dozens or hundreds of individuals could have a copy of.

  • Danstar on 29/09/2022 - 12:56
    -4

    Everyone just wants to feel special / something to complain about

    • Danstar on 30/09/2022 - 10:34
      -1

      There's 3 of them ^^ :D

  • RockyRaccoon on 29/09/2022 - 14:40
    +1

    To everyone so far, its been great reading your insights, much appreciated.

    I mention this to thank you in total for helping understand the issues and as well making this comment, isnt to say its by any means complete.

    Further comments are also welcome.

    Unfortunately OPTUS hasnt told us if they have completed their communication to those affected. All I personally have been told so far is an email 4 days ago that said

    It is with great disappointment I'm writing to let you know that Optus has been a victim of a cyberattack that has resulted in the disclosure of some of your personal information.

    Importantly, no financial information or passwords have been accessed. The information which has been exposed is your name, date of birth, email, and the number of the ID document you provided such as drivers licence or passport number. No copies of photo IDs have been affected

    Has anyone been communicated with further info, which might help understand if they are just slow, or they have found I havent been as affected as others. You would think they could at least tell us if we are in or out of the issue or what degree we are affected. Given also that the motor licensing departments say we need this info before some will act.

    Thanks again

    • bluesky on 29/09/2022 - 15:25
      +3

      or they have found I havent been as affected as others

      If I am understanding this correctly, those who get this version of email ("The information which has been exposed is your name, date of birth, email, and the number of the ID document you provided such as drivers licence or passport number.") would have their ID document details leaked.

      After that, they started sending emails to those who are affected to a lesser degree ("No ID document numbers or details have been affected").

      Seems like they were trying to contact the most affected group first, in decreasing order.

      • RockyRaccoon on 29/09/2022 - 15:32

        Thanks, although it was a day or more after this, the announcements were made, that they are going to contact those affected and others had said that this email wasnt being accepted as qualifying for a replacement. Guess I better see service NSW.

        Further down the email it says

        Our priority is our customers – so while our investigation is not yet complete, we wanted you to be aware of what has happened so that you can be extra vigilant at this time.

        And Service NSW says

        Customers will receive notifications from Optus on the necessary remediation activities in relation to their driver licences.

        If Optus recommends a customer replace their licence

        So its not easy to read into this email that they are recommending I replace my card. All they seem to be saysing (maybe just using good old weasel words) that I may have been affected, and they will further let me know if I am.

        Hopefully others might have further info or communication from Service NSW or Optus to clarify for me (and others).

        • bluesky on 29/09/2022 - 15:46

          I only think this because some of us were waiting for any sort of email from Optus for the first few days - and nothing, while others were reporting getting the first version - about the ID document being leaked. Then, when we did get an email, it was the less severe version. But I could be wrong. And in time, more detailed emails will follow.

          • RockyRaccoon on 29/09/2022 - 16:47
            +1

            @bluesky: Ok so you havent received any extra email since the first.

            On Whirlpool where I have just returned from, some say they got equifax emails with details on how to access them, so from that does it tell us we arent the worst effected. Still unclear.

            I have tried messaging Optus via the app, but no response back yet.

            • bluesky on 29/09/2022 - 19:34

              @RockyRaccoon: No other emails - only one so far. The one that says no ID documents are affected, although other details are. That is it.

              • RockyRaccoon on 30/09/2022 - 08:35
                +1

                @bluesky: I got onto optus messaging and received this reply

                I’ve checked your account, and at this stage I can’t see that you’ve been impacted; however, I strongly recommend staying extra vigilant. I know this may be worrying – can I share some next steps that may help?

                Plus as Rain Cloud below explained, they had got a further email saying their id numbers were exposed (Have asked for specific wording to help us all)

                A little more reassuring and probably an indication thats there is no more emails to come.

                Given that I will wait a bit until things ease off then for the sake of $29 will probably update my license details Thanks for your specific thoughts

                • bluesky on 30/09/2022 - 12:40
                  +1

                  @RockyRaccoon: Good to hear that you may not be impacted that severely. By the sounds of it, the email you received could be a generic one about the breach - and does not describe how the recipient is impacted. Some of us did not receive this email - perhaps because it was only to current customers? Who knows.
                  Even though being told ID details were unaffected, the amount of details actually exposed is still very unsettling.

  • WordsToSayIt on 29/09/2022 - 19:43
    +1

    Is the risk less if you're on Disability Support Pension and have no other income? Ie heaps lower income so harder to defraud. I got an email from Optus and this is the last think I need on top of managing chronic illness 😔

    • Rain Cloud on 29/09/2022 - 21:35
      +1

      Also receive DSP. I dont really know how risk is calculated but I changed my licence and medicare for peace of mind (did receive email to say my ID numbers were exposed)

      • RockyRaccoon on 30/09/2022 - 08:40

        Hey friend. Thanks for letting us know. Could you post the actually email wording - or maybe key parts of it, so we know its not the same as we have got. Obviously no personal details.

        Or maybe at least indicating you got a second email rather than just the one I got - this will help us relax a little bit 😀 

        It is with great disappointment I'm writing to let you know that Optus has been a victim of a cyberattack that has resulted in the disclosure of some of your personal information.

        Importantly, no financial information or passwords have been accessed. The information which has been exposed is your name, date of birth, email, and the number of the ID document you provided such as drivers licence or passport number. No copies of photo IDs have been affected

    • yoquierotaco on 30/09/2022 - 12:18
      +1

      lower income does not make you harder to defraud. people can do a lot of things with identity theft. https://www.abc.net.au/news/2022-09-30/accountants-report-ha…

    • cfuse on 30/09/2022 - 18:39
      +1

      I am on DSP, I submitted my passport for id with Optus, and yesterday I got hit on my payment card with a fraudulent transaction to the tune of $180.

      For all of Optus lame excuses they've either leaked enough to get people into trouble directly, or via data matching. Either way, I'm stuck having to renew all my ids and cards, and payments, and I will still not be 100% in the clear.

      I am not pleased.

  • koplik8 on 30/09/2022 - 07:03
    +2

    Here's the link to register for the up and coming class action:
    https://www.slatergordon.com.au/class-actions/current-class-…

  • yoho on 30/09/2022 - 10:52

    Got the Optus email, and went to VicRoads website and filed in the form for a new licence. Received screen confirmation message but no confirmation number or email. I suspect I just wasted my time or am in a long queue.

    Has any one tried to fast track this process by going to the VicRoads office directly? Has anyone been successful? (e.g. has a new license already)

Login or Join to leave a comment
Login Join