Optus notifies customers of cyberattack compromising…


847
652 shares, 847 points


Optus notifies customers of cyberattack compromising customer information


Like it? Share with your friends!

847
652 shares, 847 points
Seraph110

28 Comments

Your email address will not be published.

  1. Optus should be fined to oblivion for this. Blows my mind how our PII data getting breached means fuck all now.

    Just “we’re sorry, we will do better” email.

  2. >Information which may have been exposed includes customers’ names, dates of birth, phone numbers, email addresses, and, for a subset of customers, addresses, ID document numbers such as driver’s licence or passport numbers. Payment detail and account passwords have not been compromised.

    Woof. Jackpot. Big yikes.

  3. Wow! As an Optus customer still working through a whole new set of ID docs, credit score corrections and security overhauls after mine were stolen (still no idea how, but probably something like this…probably more common than we know), this is horrifying. What can happen? Well. In my case, the jackass crim used my licence number and Medicare number to set up two Westpac accounts in my name with my address (but mrs and I’m not married) and went on a spending bender, and I was then receiving demands for payment of the thousands overdrawn. I name and shame westpac because which bank lets a new customer spend thousands on accounts with zero balance? Oh. That one. Between security compromises and lack of checks when someone illegally uses said data, we are all frighteningly vulnerable to large losses, despite our caution (one cannot set up a phone account without sharing id docs)! My losses could have been huge had I not filed a police report and stamped my feet for action by the ‘no effs given’ bank to wipe the fraudulent debt. These companies need to catch up with contemporary vulnerabilities and their potential exploitation and invest in protections.

  4. > For customers believed to have heightened risk, Optus will undertake proactive personal notifications and offering expert third-party monitoring services.

    Or how about actually sending some communication to all customers that have been impacted, both past and present?

    How am I finding out about this from media reports and not communication directly from Optus about what information has been leaked?

    I just looked up my customer authority form from when I signed up to a plan years ago and these are listed at the top:

    Name

    Date of Birth

    Driving Licence Number

    Driving Licence State

    Contact Phone Number

    Contact Email Address

    So the hackers have breached all their customer authority files. Why the fuck would they keep all that info on files and not encrypted? I’m cancelling my plan and moving to another telco, absolute morons.

  5. As someone who works in the cybersecurity industry, they didn’t get hit with a cyberattack they had shit waiting to get exposed.

  6. Do customers ever have any recourse when stuff like this happens? Or do you just have to eat shit and live with the threat of easy identity fraud over your head?

  7. Would this effect Aussie Broadband customers who use their mobile services since they use the Optus Network? Is the a data dump somewhere?

  8. Just an FYI – I think their chat system is being crushed but if you do get through, they will check if you are affected or not.

  9. The first thing that came to mind for me is the threat of them setting up new lines of credit with that info that I’ll be on the hook for when they don’t pay it. You can’t even stop this kind of thing, you just find out it’s happened when debt collectors come after you. Can anyone recommend a good service that monitors credit applications?

  10. *”So the main action for everybody is to just have an increased vigilance so that we can spot if this data is being used early and prevent it being used for more customers,” she said.*
    Wow… Optus loses the keys to the house and tells customers to be responsible for vigilance.
    Message to Optus: You have all our data. Why don’t partner up with an international credit watch provider so we can automatically have free credit monitoring and protection for as long as our passport or drivers license is valid?

  11. Seeing how Licence Numbers/Medicare Numbers/Passport Numbers were hacked, they should be forced to pay out of pocket to the people that’ll have to go and potentially get new ones so they can’t be defrauded.

    Also, the government should make this much easier to do.

  12. Not the first time this has happened and won’t be the last. Also explains the ever increasing scam calls everyone has been getting.

    All they care about is profits, profits.

  13. ID document numbers, passports and licence wtf why keep that… just do the initial check and delete. This is really really bad. Would I be able to find out what was leaked? Should I change licence etc?

  14. Optus IS going to be fined for this… The question is, *how much*.

    Every business in Australia that holds Personally Identifiable Information (PII) is going to be watching this, because I don’t think this has really been tested yet in a Court of Law since the new laws have come in compelling businesses to report such breaches.

    Edit: The scary thing is, most businesses don’t know they’ve been hacked until *around 8 to 12 months afterwards.*

    I think businesses are only required to do Security Audits *yearly* – even though they should do them more often.

  15. I have never been happier that I don’t have direct debit set up with my account. My husband thought I had lost my mind when I said I don’t trust these mother fuckers with my bank info.

    Just did a full password reset on all accounts now because of this. Also haven’t heard shit from Optus. Thank fuck for reddit.

  16. I finally got a response on the chat. Here’s a rundown:
    • My account is flagged as compromised
    • Optus knows this can be worrying
    • When asked what they are doing to assist customers affected by their inadequate security I’m told it was not done by Optus (the breach)
    • Then told they couldn’t see that my data had been compromised…….huh? Which one is it then?
    • I need to go into an Optus store and they can add my contact details (you had them Optus and gave them to hackers) And ensure my account is 100% safe with them……bit late for that
    Not feeling good about this