What to do about the Optus and future data breaches?

[JohnK]

I wonder just how relevant all this brouhaha is to the average Optus customer.
So they may have given someone my driving licence #.. what use is that to a thief ?
I don't plan to pay their speeding fines….
If we are eventually skimmed of anything.. the service providers will both indemnify and compensate us.

So someone gets a hold of my NSW drivers licence number and gets a speeding fine in Sydney and nominates me as the driver. Why would I pay the fine if I'm in Brisbane? Also wouldn't that be dangerous as they are committing fraud?

I'm struggling to understand identity theft. Yes I know someone can get your bank account and clean it out but how do they run up credit and how would you be liable? What are they purchasing? Where is it being delivered? I'm naive so probably good idea to read some stories online.

@RAM how does someone get a $27000 personal loan providing fraudulent information? Online application? Surely you'd need a lot more information than name, DOB, driver licence # etc. Surely they would need employment details, salary, bank accounts etc?

But in this warped society we've created and support doesn't the financial institution need to prove you are the one responsible? I'm struggling to understand how I would be personally liable for something I did not do. Where was the personal loan deposited? Where did the funds go? Cash withdrawals? Transfers to other bank accounts? All that information should be readily available and lead to the real identity of the person committing fraud but I'm thinking that in this warped society we're making it easier for fraudsters to be protected and much easier to hound innocent individuals.

By the way I'd struggle to get any credit in the mess I'm in. Good luck to anyone with my information. My only concern would be 2 super accounts and I'm struggling to understand how they'd get a hold of those funds.

 

[MEL_Traveller]

So someone gets a hold of my NSW drivers licence number and gets a speeding fine in Sydney and nominates me as the driver. Why would I pay the fine if I'm in Brisbane? Also wouldn't that be dangerous as they are committing fraud?

I'm struggling to understand identity theft. Yes I know someone can get your bank account and clean it out but how do they run up credit and how would you be liable? What are they purchasing? Where is it being delivered? I'm naive so probably good idea to read some stories online.

@RAM how does someone get a $27000 personal loan providing fraudulent information? Online application? Surely you'd need a lot more information than name, DOB, driver licence # etc. Surely they would need employment details, salary, bank accounts etc?

But in this warped society we've created and support doesn't the financial institution need to prove you are the one responsible? I'm struggling to understand how I would be personally liable for something I did not do. Where was the personal loan deposited? Where did the funds go? Cash withdrawals? Transfers to other bank accounts? All that information should be readily available and lead to the real identity of the person committing fraud but I'm thinking that in this warped society we're making it easier for fraudsters to be protected and much easier to hound innocent individuals.

By the way I'd struggle to get any credit in the mess I'm in. Good luck to anyone with my information. My only concern would be 2 super accounts and I'm struggling to understand how they'd get a hold of those funds.

That’s the whole thing… scammers are sophisticated and have sophisticated networks to be able to pull off these things. If you can scam DL and DOB and address you can probably set up a shell company to generate payslips to get your bank loan.

The actual identity theft is one part of the equation. Cleaning up the mess is the other part. It’s not instant to get it fixed up… in the meantime people may not have access to credit cards, bank accounts, lines of credit, or even be able to rent a flat or get a mortgage. Credit files can be cleaned up, but again my understanding is that it can take considerable time, and cost to do so.

If an account has been set up to launder money you could find yourself on a watchlist or banned entry to a foreign country.

The inconvenience can be huge.

 

[33kft]

There are many cautionary tales around how the release of seemingly mundane details have been used by shady individuals.

Tony Abbott's boarding pass was one, but this is my favourite:

Anecdotage

anecdotage.com

 

[JohnK]

If an account has been set up to launder money you could find yourself on a watchlist or banned entry to a foreign country.

The inconvenience can be huge.

True. We created this mess and gave them the protection they needed.

 

[exceladdict]

For anyone utilising Credit Savvy's credit report shield feature (which puts in a 21 day hold), I've noticed the Experian hold applies quickly, Equifax came a few days later. While I'm still waiting on notification from illion, my credit simple report is not viewable, which I believe means the hold should be in place.

 

[Pushka]

For anyone utilising Credit Savvy's credit report shield feature (which puts in a 21 day hold), I've noticed the Experian hold applies quickly, Equifax came a few days later. While I'm still waiting on notification from illion, my credit simple report is not viewable, which I believe means the hold should be in place.

Agree. Equifax sent out a batch of Emails yesterday. Experian applied theirs instantly.

 

[glasszon]

So someone gets a hold of my NSW drivers licence number and gets a speeding fine in Sydney and nominates me as the driver. Why would I pay the fine if I'm in Brisbane? Also wouldn't that be dangerous as they are committing fraud?

I'm struggling to understand identity theft. Yes I know someone can get your bank account and clean it out but how do they run up credit and how would you be liable? What are they purchasing? Where is it being delivered? I'm naive so probably good idea to read some stories online.

@RAM how does someone get a $27000 personal loan providing fraudulent information? Online application? Surely you'd need a lot more information than name, DOB, driver licence # etc. Surely they would need employment details, salary, bank accounts etc?

But in this warped society we've created and support doesn't the financial institution need to prove you are the one responsible? I'm struggling to understand how I would be personally liable for something I did not do. Where was the personal loan deposited? Where did the funds go? Cash withdrawals? Transfers to other bank accounts? All that information should be readily available and lead to the real identity of the person committing fraud but I'm thinking that in this warped society we're making it easier for fraudsters to be protected and much easier to hound innocent individuals.

By the way I'd struggle to get any credit in the mess I'm in. Good luck to anyone with my information. My only concern would be 2 super accounts and I'm struggling to understand how they'd get a hold of those funds.

Problem is the onus is on the victim of identity theft to prove they didn't borrowed the loan/committed a crime, and the implications can be tire if it happens at the "wrong" time.

Imagine what happens if you purchased a property and suddenly a bank declined to move forward with your mortgage pre-approval because of a loan you didn't know that existed? Time to say good bye to your deposit.

Even just for a simple loan, once it passed onto the collection agencies those organisations will make your life hell; they have heard hundreds of times people claiming they didn't borrow the money etc and wouldn't buy your identity theft story, and they will push the boundary in terms of what the law permits when it comes to debt collection.

 

[JohnK]

Even just for a simple loan, once it passed onto the collection agencies those organisations will make your life hell; they have heard hundreds of times people claiming they didn't borrow the money etc and wouldn't buy your identity theft story, and they will push the boundary in terms of what the law permits when it comes to debt collection.

I understand your point but should I be concerned if there was a murder committed in Perth and someone left a note on the floor with my name and address on it? Do I need to prove I was somewhere else or do the detectives need to prove I was there and committed the crime?

This is no different.

Someone steals my name, DOB and IDs then create shelf companies for payroll records, create fraudulent bank accounts, borrow or launder money and the onus is on the victim to prove it was not them.

That's wrong. It should be the other way around. Governments of the world can stop these scams but there's so much corruption they ignore it. Follow the money trail. It's not that difficult and that will lead to the real culprits.

 

[RooFlyer]

But all the reports have stated that not all accounts were hacked. Also the hacker said they released 10200 account details and then wiped the only copy they had. So at present we know 10200 are definitely at risk or 0.05% of the Australian population.
There are different versions of how many accounts were accessed with reports I have seen ranging from 120000 to 1.2 million. So at worst 5% of Australians are at risk.
I have not seen any reports that all optus accounts were accessed so saying that this affects 40% of the Australian population is a little OTT. But journalists like a little sensation.

I think the ‘40% affected’ thing is valid. If I was an Optus customer, and was not hearing anything from Optus because ‘your data wasn’t stolen’, I’d still be worried - First, for not hearing anything and then, not necessarily believing that the company is on top of it all. So I think all Optus customers are ‘affected’ until it’s definitively shown that the hack is contained to a certain number of people.

I'm struggling to understand identity theft. Yes I know someone can get your bank account and clean it out but how do they run up credit and how would you be liable? What are they purchasing? Where is it being delivered? I'm naive so probably good idea to read some stories online.

@RAM how does someone get a $27000 personal loan providing fraudulent information? Online application? Surely you'd need a lot more information than name, DOB, driver licence # etc. Surely they would need employment details, salary, bank accounts etc?

I suggest you better understand identity theft because it can happen without a data theft like Optus and therefore to anyone, such as you.

Certain levels of ‘identity’ such as passport, drivers license etc numbers, bills giving an address etc are used to prove ‘identity’ for bank and government type products and services. Certain levels of identity are produced by different things and they are each given ‘points’. A number of ‘points’ - from various combinations of documents - is enough to ‘prove’ your identity - or who you say you are.

If I can get enough of your identity data ( points), I can contact those organisations and say ‘hey, it’s JohnK here, see, and I’d like to do this and this and this, and let’s change all my passwords while I’m here. From that point, I am you as far as the govt and the banks are concerned and you will have to wear all the consequences of what I do.

 

[1022]

I received a text message from Optus this evening "reassuring" me that only my licence number was leaked, not the card number. Their advice: get in touch with the relevant state authority....which I did last week online to have a new licence issued. In NSW that means retaining the old licence number but with a new card number issued. I'll think about whether it's worth the effort of sending Optus the $29 bill. The 60k points I signed up for 3 months ago have cost me a helluva lot!

 

[AIRwin]

I received a text message from Optus this evening "reassuring" me that only my licence number was leaked, not the card number.

Same - even though the initial email stated no ID document numbers or details have been affected.

 

[OATEK]

I received a text message from Optus this evening "reassuring" me that only my licence number was leaked, not the card number. Their advice: get in touch with the relevant state authority....which I did last week online to have a new licence issued. In NSW that means retaining the old licence number but with a new card number issued. I'll think about whether it's worth the effort of sending Optus the $29 bill. The 60k points I signed up for 3 months ago have cost me a helluva lot!

Same - even though the initial email stated no ID document numbers or details have been affected.

I got the same message, but I already expected that was the case as it did not show up in the data from the API queries.

 

[SYD]

I received a text message from Optus this evening "reassuring" me that only my licence number was leaked, not the card number. Their advice: get in touch with the relevant state authority....which I did last week online to have a new licence issued. In NSW that means retaining the old licence number but with a new card number issued. I'll think about whether it's worth the effort of sending Optus the $29 bill. The 60k points I signed up for 3 months ago have cost me a helluva lot!

Ditto. Fortunately, I’d already renewed my licence since applying for Optus…

 

[glasszon]

I understand your point but should I be concerned if there was a murder committed in Perth and someone left a note on the floor with my name and address on it? Do I need to prove I was somewhere else or do the detectives need to prove I was there and committed the crime?

This is no different.

Someone steals my name, DOB and IDs then create shelf companies for payroll records, create fraudulent bank accounts, borrow or launder money and the onus is on the victim to prove it was not them.

That's wrong. It should be the other way around. Governments of the world can stop these scams but there's so much corruption they ignore it. Follow the money trail. It's not that difficult and that will lead to the real culprits.

I agree it shouldn't be the victim of identity theft to prove they didn't do it, but until the entire system changes, we can all agree that it is a very costly affair for victims of identity theft.

 

[drron]

It turns out it was only my DL number hacked. not a great problem as I need to get a new licence anyway as us over 70s in QLD need to have a medical every 6 months and my licence has to be endorsed reflecting that.

 

[exceladdict]

I received a text message from Optus this evening "reassuring" me that only my licence number was leaked, not the card number. Their advice: get in touch with the relevant state authority...

And what about for states that don't have card numbers as an extra step of verification?

 

[serfty]

It may have been already mentioned in this thread, but in any case, the barefoot investor had some tips this last weekend. Here is an excerpt from a free subscription email I received today.

---

Instead, what you want is a big cough lock on your door that makes it impossible for the robber to get in your house.

Thankfully there is one app that will let you put a lock on your credit file.
....
In both cases we’re just needy adults desperately trying to keep your attention. (Credit Savvy makes its money by selling leads to finance companies to get you into debt).

However, part of their app that I’m interested in allows you to lock your credit file with a swipe or click of a button.

So here’s what I want you to do, step-by-step to lock down your credit file so that scammers can’t rip you off.

Step 1: Download the Credit Savvy app (either in the Apple or Google app stores).

Step 2: Verify your details (I used my driver’s licence and Medicare card).

Step 3: Press “protect” from the bottom navigation.

Step 4: Press “Request a ban”. Credit Savvy will then let the other credit agencies know you’ve got a ban on your file within 2 business days.

Step 5: On the 16th day the Credit Savvy app will remind you that your pause is ending. When you get that alert – and this is important – click “ban my credit report for 12-months”.

And that’s it!

---

 

[Pushka]

It turns out it was only my DL number hacked. not a great problem as I need to get a new licence anyway as us over 70s in QLD need to have a medical every 6 months and my licence has to be endorsed reflecting that.

My number has been the same for 50 years! In SA. Only the card number changes and that’s not used for ID. Are you sure it has changed?

I’ve now received advice from Equifax of the ban for 21 days but license now changed anyway.

 

[RooFlyer]

@serfty what legitimate uses/queries of one’s credit file being locked or banned might be affected ?

 

[CMA222]

@serfty what legitimate uses/queries of one’s credit file being locked or banned might occur?

When I activated the lock a week ago I understood any queries from any credit provider would receive a notification that the file is locked and no access will be provided to any credit provider of the client's credit history or to confirm any details. My immediate reaction was surely any queries to a locked credit file should sent up a red flag and it should be reported for follow up whether it is an attempted fraud. A text or email message to the account holder advising there has been an enquiry would start the ball rolling. I have already started receiving marketing emails from Credit Savvy so it seems an obvious enhancement to their marketing activities.