What to do about the Optus and future data breaches?

[TheRealTMA]

I believe they're required to hold on to it for 2 years after account closure. (In the metadata rules)

There’s absolutely no reason for Optus to have kept drivers licence or passport details. Identity checks are done through third party / government agency.

btw: just bought two £10 sims in Edinburgh so as not to pay the extortion of Optus $10 day roaming pass. No identification needed. Just walk in and say two sims please. Here you are Sir, three bags full.

 

[oz_mark]

There’s absolutely no reason for Optus to have kept drivers licence or passport details. Identity checks are done through third party / government agency.

btw: just bought two £10 sims in Edinburgh so as not to pay the extortion of Optus $10 day roaming pass. No identification needed. Just walk in and say two sims please. Here you are Sir, three bags full.

Depends on how they implement the identy checks. Sometimes it is just querying license information, but you need the license number to do that. In any case, the legislation says

The following:

(a) any information that is one or both of the following:

(i) any name or address information;

(ii) any other information for identification purposes;

relating to the relevant service, being information used by the service provider for the purposes of identifying the subscriber of the relevant service;

 

[lovestotravel]

Partner got the we have leaked all your details email
I haven't received anything.

Now if I put a block on my and her credit file what are the implications ? I know Amex used to check my credit file monthly, but can't seem to see that listed anymore.

So if I block my credit file and Amex try to check it ? what happens ?

 

[kangarooflyer88]

btw: just bought two £10 sims in Edinburgh so as not to pay the extortion of Optus $10 day roaming pass. No identification needed. Just walk in and say two sims please. Here you are Sir, three bags full.

And that's the thing, there is literally no reason to collect this information here altogether. The law that says it is required is dumb and should be repealed. If they are worried about national security, then what about those who are on foreign burner phones who roam here? They don't need to register, they can just connect to the mobile network and do as they wish! Keep in mind too with some UK carriers the international roaming rates here are quite attractive indeed.

-RooFlyer88

 

[OATEK]

There’s absolutely no reason for Optus to have kept drivers licence or passport details. Identity checks are done through third party / government agency.
....

The ID check using DVS is a relatively new service, and I know was not in place when much of my data was collected quite a long time ago.

 

[Amanad78]

I haven't received an email from Optus but went through the process with the link and can see my D/L number. I have put a temporary ban on my credit file.

 

[MEL_Traveller]

They were working on it early in the piece, but it takes time to put in place the agreement.

That may be… but you don’t need to have an agreement in place before you announce it. That could have been one of the first things to say, to reassure people.

According to the news this morning Optus claims it has now reached out to everyone who had their DL published… I have not received anything?

Can people actually do anything with DL and no DOB? Would seem difficult.

 

[33kft]

Just an FYI. When the individual(s) or group who carried out the Optus leak first posted their ransom demand, they provided 2 files of 100 identities each as a way of verifying that they had the data. These were freely downloadable and these very unfortunate individuals suffer a worse fate than others currently in that their data is entirely in the public domain for anyone to download.

Overnight, they released another 10,000 records, totally unredacted. I suspect there will be more over the next 4 days until the deadline expires.

 

[33kft]

Can people actually do anything with DL and no DOB? Would seem difficult.

DOB is part of the leaked data set, it might not be too obvious if looking at the data values themselves as it is expressed as seconds since epoch rather than a formatted date.

 

[MEL_Traveller]

DOB is part of the leaked data set, it might not be too obvious if looking at the data values themselves as it is expressed as seconds since epoch rather than a formatted date.

hmmm

So what can i do? If i haven’t got the email from them offering the free credit services, but I know my details have been leaked via the link posted earlier? Do i contact optus?

 

[Pushka]

Partner got the we have leaked all your details email
I haven't received anything.

Now if I put a block on my and her credit file what are the implications ? I know Amex used to check my credit file monthly, but can't seem to see that listed anymore.

So if I block my credit file and Amex try to check it ? what happens ?

i don't really understand why you would block credit card details. I've never used them for anything Optus. I have put a block on any security checks.

Post automatically merged: Sep 27, 2022

hmmm

So what can i do? If i haven’t got the email from them offering the free credit services, but I know my details have been leaked via the link posted earlier? Do i contact optus?

Those emails havent gone out yet.

Post automatically merged: Sep 27, 2022

Just an FYI. When the individual(s) or group who carried out the Optus leak first posted their ransom demand, they provided 2 files of 100 identities each as a way of verifying that they had the data. These were freely downloadable and these very unfortunate individuals suffer a worse fate than others currently in that their data is entirely in the public domain for anyone to download.

Overnight, they released another 10,000 records, totally unredacted. I suspect there will be more over the next 4 days until the deadline expires.

10,000 a day for four days.

 

[TheRealTMA]

The ID check using DVS is a relatively new service, and I know was not in place when much of my data was collected quite a long time ago.

Well, it’s been in place since the MyGov site and my health record was implemented some years ago. Optus should have followed best practice guidelines. They should not have stored such information against national guidelines. No excuse.

 

[daft009]

Optus September 2022 Cyberattack & Data Breach

whirlpool.net.au

You can work out what data was leaked on your particular account with the above instructions.

Also apparently only customer IDs in the range of 1 to 8,000,000 and 40,000,000 to 48,000,000 were leaked

 

[Pushka]

Optus September 2022 Cyberattack & Data Breach

whirlpool.net.au

You can work out what data was leaked on your particular account with the above instructions.

Also apparently only customer IDs in the range of 1 to 8,000,000 and 40,000,000 to 48,000,000 were leaked

Yep. And I'm in the 5,000,000 range. Using that converter shows the expiry date of my licence as being last year which is correct. As is everything else unfortunately.

 

[Pushka]

Well, the original thread and post with the 10,000 names has been removed. On the hack site.

 

[MelMel]

Post paid customer for 12 months from 17-18. Cancelled July 2018. No middle name, address and birthdate correct, phone number obviously not correct as cancelled, no document numbers. Phew!

 

[RooFlyer]

I’m not affected, but my sister is. Could SKS please post a simple or at least step by step recipe on what do do to stop credit checks etc and other things mentioned here to be done as an interim security measure?

 

[Pushka]

I used Experian.com.au and did a temporary block of 21 days. Can be extended. It alerts you to others trying to do a credit check eg new credit card or loan etc. You also have the option of them alerting other credit providers. It’s free.

Request a Ban on Your Credit Report – Experian Australia

Protect your personal information in case of suspected fraud by learning how you can place a temporary credit ban on your Experian credit report in Australia.

www.experian.com.au

 

[MelMel]

I’m not affected, but my sister is. Could SKS please post a simple or at least step by step recipe on what do do to stop credit checks etc and other things mentioned here to be done as an interim security measure?

Google “credit report ban Equifax”
Click on website
Choose “ban my Equifax credit report”
Follow the directions. Elect for them to notify other reporting agencies as well
Checking the data that Optus has is a bit more complicated, is there someone who can help her?

 

[Pushka]

Google “credit report ban Equifax”
Click on website
Choose “ban my Equifax credit report”
Follow the directions. Elect for them to notify other reporting agencies as well
Checking the data that Optus has is a bit more complicated, is there someone who can help her?

I also did Equifax yesterday and while the website stated it was completed I never received an email. I did with experian.