What to do about the Optus and future data breaches?

It's sadly more of an optical illusion designed for PR and the image of being seen as "doing something" than reason for anyone to stop being very vigilant about their account data during those 21 days. That's because there are several ways to get around the ban, and anyone with the right information would be able to do it, which is precisely the problem here. That information has been improperly accessed.
I'd hope that cancellation requires the insertion of the original claim number?
 
I'd hope that cancellation requires the insertion of the original claim number?
No, you can authorise the credit reporting agency to release your report to a third party during the ban with written permission specifically referring to which party you're authorising the release.

It doesn't matter much anyway. None of the risk is going to go away within 21 days nor does the risk materially decrease after that time. Some hackers might even wait until the storm dies down a bit. Likewise, Optus is hoping that 3 weeks from now when the arbitrary ban comes off, this will be out of the news cycle -- and for the most part, it will be.
 
No, you can authorise the credit reporting agency to release your report to a third party during the ban with written permission specifically referring to which party you're authorising the release.

It doesn't matter much anyway. None of the risk is going to go away within 21 days nor does the risk materially decrease after that time. Some hackers might even wait until the storm dies down a bit. Likewise, Optus is hoping that 3 weeks from now when the arbitrary ban comes off, this will be out of the news cycle -- and for the most part, it will be.
I'd expect to have it ongoing for some time. I'm past the loan and credit card churning. And if no consent is given to a third party then I don't see it as a problem for me.
 
EXCLUSIVE OFFER - Offer expires: 20 Jan 2025

- Earn up to 200,000 bonus Velocity Points*
- Enjoy unlimited complimentary access to Priority Pass lounges worldwide
- Earn up to 3 Citi reward Points per dollar uncapped

*Terms And Conditions Apply

AFF Supporters can remove this and all advertisements

I'd expect to have it ongoing for some time. I'm past the loan and credit card churning. And if no consent is given to a third party then I don't see it as a problem for me.
You can place a hold or extend an existing hold whenever you like.

Not a bad idea for those affected, as it's possible some hackers might not bother trying to get the hold released if it fails on first attempt.
 
You can place a hold or extend an existing hold whenever you like.

Not a bad idea for those affected, as it's possible some hackers might not bother trying to get the hold released if it fails on first attempt.
I guess they have 10 million to choose from 😒
 
Apparently they got my passport number. they have a problem as that number has been changed when i got my new passport this year.
 
Apparently they got my passport number. they have a problem as that number has been changed when i got my new passport this year.
Do you remember using your passport at Optus?
 
For some reason I used it instead of my D/L. Probably because Tasmanian hospitals require it to work. Optus worked better in Latrobe. That was the only time I used Optus.
 
QLD - If you've received an Optus data breach notice, you can change your driver licence number and receive a new driver licence free of charge:
 
SA is also replacing licences for no charge. Channel 7 apparently downloaded the list of 10,000 and called up a few.
 
"The state has yet to detail exactly how residents can receive the new licence, but those concerned can call (07) 3097 3108 for help."
QLD has already published info on the site:
 
So hacker has now apologised to optus and said data all deleted

Sounds like a great ploy to get it out of the news and stop people taking preventative measures which could reduce the value of the stolen data

Not arguing with you over what they should have done, just saying that many current and past customers would have been registered in their system before DVS came along. Best practice on privacy always starts with a question along the lines of Do I need to record this information and in this case they certainly needed to record much of the leaked information although it is not clear whether passport/DL numbers were needed or just the result of the ID check. Then comes a second question Have I ensured that the information is protected and will remain private and this is clearly a fail.
Absolutely. Why wasn't it deleted, why wasn't it encrypted, behind 2FA, etc.
 
Sounds like a great ploy to get it out of the news and stop people taking preventative measures which could reduce the value of the stolen data


Absolutely. Why wasn't it deleted, why wasn't it encrypted, behind 2FA, etc.
I don't think it is a ploy. I am coming to the view that there was nothing sophisticated in any of this. It was just an opportunistic play, when someone saw an open door. Probably thought it would be easier to sell.

As to the second point, why wasn't it behind any form of authentication seems to be the real question
 
Sounds like a great ploy to get it out of the news and stop people taking preventative measures which could reduce the value of the stolen data
Franky there is nothing anyone can do now that the data is leaked out. Even if Optus pays the million dollarydoos (which I doubt they'll do), how do we know for certain that was the one and only copy the criminal had? For all we know it has already been sold to someone on the dark web?

With most data breaches like this, the actual identity theft doesn't happen immediately overnight. Smart criminals know that folks will lock their credit and set up credit monitoring for a year. What is more than likely to happen is they use these pieces of identification in a couple years time when everyone has let their guard down. This is why I get my free credit report annually from the credit bureaus just to make sure everything is on the up and up.
Absolutely. Why wasn't it deleted, why wasn't it encrypted, behind 2FA, etc
Incompetence? No doubt a number of developers at Optus did not take a single security training course to realize such common sense things as you don't publish an end-point to the public without authentication or anything else. The fact that this lack of training is happening at a telco which should have a security culture given the type of information that passes through their networks is worrisome.

-RooFlyer88
 
Very confusing. Very disappointing.

This will be very interesting. I have problems obtaining credit so good luck to anyone with my details.
 

Become an AFF member!

Join Australian Frequent Flyer (AFF) for free and unlock insider tips, exclusive deals, and global meetups with 65,000+ frequent flyers.

AFF members can also access our Frequent Flyer Training courses, and upgrade to Fast-track your way to expert traveller status and unlock even more exclusive discounts!

AFF forum abbreviations

Wondering about Y, J or any of the other abbreviations used on our forum?

Check out our guide to common AFF acronyms & abbreviations.
Back
Top