What to do about the Optus and future data breaches?

Another data theft dating back to January with some pretty unconvincing explanations, to me at least, why it hadn't been disclosed earlier. It appears that the only way to get companies to take Cyber security seriously is to ensure that the fines for sloppy IT security far exceed the costs of putting proper defences in place. Hopefully the currently proposed bill will have sufficient teeth to be effective.


Given they didn't believe data had been exfiltrated, is there an obligation to make an ASX announcement? I suspect not if not financially material.

Which part is unconvincing?
 
It seems that most breaches have companies hoping for the best instead of preparing and acting as if it was the worst. that is why we get the drip feed as the reality of what happened is impressed upon them.
 
Australia's highest-earning Velocity Frequent Flyer credit card: Offer expires: 21 Jan 2025
- Earn 60,000 bonus Velocity Points
- Get unlimited Virgin Australia Lounge access
- Enjoy a complimentary return Virgin Australia domestic flight each year

AFF Supporters can remove this and all advertisements

It seems that most breaches have companies hoping for the best instead of preparing and acting as if it was the worst. that is why we get the drip feed as the reality of what happened is impressed upon them.
And why do they need to keep all the data anyway? And particularly in an onlne database. In the UK, who have a lot more reason to be paranoid about terrorism etc, one can buy phone sim with nothing but a credit card or cash. No copying of passports, drivers licences etc. Some of the federal legislation introduced in the last 10 years is to blame for this.

Most banks these days still do not have 2FA security. Why not?
 
It seems that most breaches have companies hoping for the best instead of preparing and acting as if it was the worst.
I suspect it's more a case of not understanding the risks and issues.
 
Given they didn't believe data had been exfiltrated, is there an obligation to make an ASX announcement? I suspect not if not financially material.

Which part is unconvincing?
To me once they had been told in June, so over 4 months ago, that their customers data was available on the 'Dark Web' there was a need for warnings to be issued. Claims of analysing the data to decide who to warn seems doubtful to me.
 
A...1Using the URL methods referred to early in this thread I was able to ascertain that my driver's licence number and expiry as well as name address and DOB had been exposed. (I see that the URL method no longer works with the information now being masked.)
I just received an email from Vicroads confirming my licence number was compromised. No new licence number but a new licence will be issued (presumably at Optus' cost). It is interesting regarding the new licence as there already is a "code" on the current one.

Dear <serfty> ,

We write to update you on how we are working to help fast track the security of your learner permit/driver licence data in response to the Optus data breach.

We have analysed the data provided to us by Optus, validated that against our database and can confirm your data is part of the Optus data breach.

You will soon receive a free re-designed driver licence card/learner permit that prominently displays a unique card number. This number is in addition to your licence number.

By the end of the year, when you use your licence for identity verification purposes (such as with a bank), you will be required to provide both of these numbers. This provides extra security and an extra layer of protection as the unique card number was not recorded by Optus or exposed in the data breach.
 
Last edited:
It seems that most breaches have companies hoping for the best instead of preparing and acting as if it was the worst. that is why we get the drip feed as the reality of what happened is impressed upon them.
I'm still not sure why they need to store all the details of ID?

One field in the customer master

- ID sighted and verified? (Y/N)
 
Just got an email from VicRoads. My licence was not part of the breach but they're going to replace it anyway.
 
I just received an email from Vicroads confirming my licence number was compromised. No new licence number but a new licence will be issued (presumably at Optus' cost). It is interesting regarding the new licence as there already is a "code" on the current one.
I was in the same situation in NSW. Optus gave me the fee as a credit on my account. I got a replacement DL, with the same DL number but different card number
 
I was in the same situation in NSW. Optus gave me the fee as a credit on my account. I got a replacement DL, with the same DL number but different card number
How did you go about that? Did you contact Optus first?
 
How did you go about that? Did you contact Optus first?
No, they proactively sent me advice about what to do. I noticed my next months bill was reduced by (I think) $29 (the replacement fee). It was then up to me to go through the replacement process. I suppose I could’ve just pocketed the discount but I’m taking this seriously. The replacement was pretty easy, a few taps in the app, pay the $29 and the new DL was issued within a day or two digitally and got the physical card a few days after that.

I should also add that I was notified as having had some of my data exposed. If you weren’t in that cohort then you may not be eligible. I also took up the offer of the free 12 month’s security watch with Equifax.
 
Last edited:
No, they proactively sent me advice about what to do. I noticed my next months bill was reduced by (I think) $29 (the replacement fee). It was then up to me to go through the replacement process. I suppose I could’ve just pocketed the discount but I’m taking this seriously. The replacement was pretty easy, a few taps in the app, pay the $29 and the new DL was issued within a day or two digitally and got the physical card a few days after that.

I should also add that I was notified as having had some of my data exposed. If you weren’t in that cohort then you may not be eligible. I also took up the offer of the free 12 month’s security watch with Equifax.
Interesting. They sent me a text a while back saying they only got my DL but not the card #. Nothing else since. As it turns out, I’d renewed my licence anyway (new card #). Maybe they figured the details they had had expired.

Yep, got the Equifax code a couple of weeks ago.
 
WARNING ... WARNING ... WARNING
Today I received a text message to "receive FREE Equifax Identify protection for recent cyberattack.visit" then a link to an Optus-Equifax.netify.app.

The link site is a designed to extract the few remaining sheckles you might have left in your bank account following the Optus hack.
 
WARNING ... WARNING ... WARNING
Today I received a text message to "receive FREE Equifax Identify protection for recent cyberattack.visit" then a link to an Optus-Equifax.netify.app.

The link site is a designed to extract the few remaining sheckles you might have left in your bank account following the Optus hack.
Yes, I received a sign up code to use at Equifax's official website, not a link in a text. Scammers are obviously taking advantage 😒
 
You received that via email TFS?
(TFS???) but yes, via an optus email on 30/9 along with a lot of other information. The code worked fine and I've accessed the Equifax service no dramas - it's given me one warning notification and I can even see my credit score 👍
 
(TFS???) but yes, via an optus email on 30/9 along with a lot of other information. The code worked fine and I've accessed the Equifax service no dramas - it's given me one warning notification and I can even see my credit score 👍
I went to my local Optus shop and got the code from them. Others have said they got it through the app chat function.
 
Last edited:

Become an AFF member!

Join Australian Frequent Flyer (AFF) for free and unlock insider tips, exclusive deals, and global meetups with 65,000+ frequent flyers.

AFF members can also access our Frequent Flyer Training courses, and upgrade to Fast-track your way to expert traveller status and unlock even more exclusive discounts!

AFF forum abbreviations

Wondering about Y, J or any of the other abbreviations used on our forum?

Check out our guide to common AFF acronyms & abbreviations.

Recent Posts

Back
Top