What to do about the Optus and future data breaches?

SYD said:
As per the example I mentioned, when I was getting my credit reports, as soon as I selected NSW DL as the primary ID, it then opened a further field for the card number. No card #, do not pass ”Go”.

I have seen this on other things, like applying for a UBank account a year or so ago.
Click to expand...
I think it's been progressively rolled out - WA said that the card number has only been required for DVS ID checks from September this year.
 
prozac said:
Every club you enter in NSW usually asks you to place you driver's licence into a card reader. Is anyone worried about the security or lack of with your local club?
Click to expand...
I have always refused to provide a licence scan because I have no way of knowing what use the scans might subsequently be put to (legally or illegally). I fill in the hand-written alternative. One club told me no-licence-no-entry, so I walked out and went (with all the people with me) to a pub up the road, which was very good.
 
Anyone had any further contact re having their passport details exposed?

From my email a few weeks back after the $99 promo for QFF points, the PDF in the "Your Order Confirmation #12345677." confirmation email has my passport number.

I got the "Urgent update from Optus about your personal information" email on Sep 23
The information which has been exposed is your name, date of birth, email, phone number, address associated with your account, and the numbers of the ID documents you provided such as drivers licence number or passport number. No copies of photo IDs have been affected.
Click to expand...
And had nothing else since.

Anyone else expect it was their passport that was compromised and haven't had any further contact?
Post automatically merged:

Pushka said:
Crazy. My ID checks have only used the licence number not the card number. As as a director I've had several. One as recently as three months ago. All I plugged in was my DL which was only 9 months old. If it true it's not needed then why did Optus email me to tell me to get a new licence?
Click to expand...
The requirement for card number started from September 1 in every state but QLD & VIC.
FAQs | Changes to the DVS
From 1 September 2022, the card number on a driver licence (DL) will be a mandatory verification field for NSW, ACT, SA, TAS, NT and WA issued licences.
Click to expand...

Hence '3 months' ago isn't recent enough!
 
BeauGiles said:
Anyone had any further contact re having their passport details exposed?

From my email a few weeks back after the $99 promo for QFF points, the PDF in the "Your Order Confirmation #12345677." confirmation email has my passport number.

I got the "Urgent update from Optus about your personal information" email on Sep 23

And had nothing else since.

Anyone else expect it was their passport that was compromised and haven't had any further contact?
Post automatically merged:


The requirement for card number started from September 1 in every state but QLD & VIC.
FAQs | Changes to the DVS


Hence '3 months' ago isn't recent enough!
Click to expand...
So it’s only been a requirement for last 5 weeks or so which explains why I’ve not had to use it. Almost like they have been expecting it.
 
Pushka said:
So it’s only been a requirement for last 5 weeks or so which explains why I’ve not had to use it. Almost like they have been expecting it.
Click to expand...
Yep :)

Also why the "vast majority" didn't have both drivers licence + card number exposed, unless you'd signed up for a new service in the past few weeks (or Optus had captured the number earlier, eg off your physical card).

According to greenID (who ironically provide their verification services to Optus, along with NAB, ubank, etc), it looks like QLD will make card number mandatory from November 2023 too.
 
Pushka said:
ID checks are National though. The only time I was asked for the card number was for my ID check for the SA Govt portal. I didn't need that number to create the GovId account and have strong security.
Click to expand...
Drivers Licences are a state function, and my understanding is that the DVS has to comply with the API that the state provides.
 
Maybe I'm lucky, I haven't received any email from Optus yet. Mrs AS did. It said no ID had been affected, but combination of name, DOB, address, email and phone. Flagged her licence anyway. I suppose a credit check is in order?
 
Be.au said:
Anyone had any further contact re having their passport details exposed?

From my email a few weeks back after the $99 promo for QFF points, the PDF in the "Your Order Confirmation #12345677." confirmation email has my passport number.

I got the "Urgent update from Optus about your personal information" email on Sep 23

And had nothing else since.

Anyone else expect it was their passport that was compromised and haven't had any further contact?
Post automatically merged:


The requirement for card number started from September 1 in every state but QLD & VIC.
FAQs | Changes to the DVS


Hence '3 months' ago isn't recent enough!
Click to expand...

I think it was my passport and I’ve heard nothing - despite directly asking, they said they’re working on notifying people.
 
OATEK said:
Drivers Licences are a state function, and my understanding is that the DVS has to comply with the API that the state provides.
Click to expand...
Yes, things like card numbers being mandatory is actually set federally, by the Department of Home Affairs
 
Just got an email from Optus

Dear Customer,

We recently communicated to you that your personal information has been exposed during the cyberattack on Optus. Once again, we are deeply sorry this has happened on our watch.

During analysis as part of our ongoing investigation, we’ve discovered the number on your Australian Passport was exposed. Please note, a copy of your passport including your image was not exposed.

The Australian Government is working with Optus to safeguard customers from identity crime, including providing advice on actions you can take.

As a result of the government’s rapid response, you don’t need to replace your passport.

If your passport is still current, the Department of Foreign Affairs and Trade has advised it’s safe to use your passport for international travel. The Australian Passport Office has robust controls to protect your identity, including facial recognition.

To prevent the misuse of your identity, we have asked the Department of Home Affairs to block the use of your passport through the Document Verification Service (DVS). This means it can’t be used to verify your identity online via the DVS. You can still use your passport to verify your identity in-person for up to three years past its expiry.

If you’ve renewed your passport since you became an Optus customer, you don’t need to do anything.

If concerned, eligible customers can apply for a replacement passport at passports.gov.au. Visit optus.com.au/support/cyberattack to find out more.
Click to expand...

There's also an updated FAQ on the APO site - https://www.passports.gov.au/optus-data-breach-frequently-asked-questions
 
Struggling to Redeem Your Frequent Flyer Points?
The Frequent Flyer Concierge team takes the hard work out of finding reward seat availability. Using their expert knowledge and specialised tools, they'll help you book a great trip that maximises the value for your points.

AFF Supporters can remove this and all advertisements

Optus are now issuing promo codes for the free 12 mth subscription to Equifax Protect.

I popped into my local Optus store yesterday and they issued me the code. Which didn’t work initially, so I went back today - turns out the person forget to mention that there‘s a special link and you’ll need to set up a new account with a different email address (if you already have a login).

Optus Equifax Protect 12 month subscription

www.equifax.com.au www.equifax.com.au

Once in, you can a range of financial and identification items for monitoring, as well as the usual credit rating/score plus monthly report.
 
Email sent to NZ passport holders

Dear Customer,

We recently communicated to you that your personal information has been exposed during the cyberattack on Optus. Once again, we are deeply sorry this has happened on our watch.

During further analysis as part of our ongoing investigation, we’ve discovered that the number on your New Zealand Passport was exposed. Please note, a copy of your passport including your image was not exposed.

If you’ve renewed your passport since becoming an Optus customer, or your passport has expired, then you don’t need to do anything.

Otherwise, the New Zealand Department of Internal Affairs have advised it is safe for you to continue to use your current passport for international travel.

You also have the option to ask the New Zealand Department of Internal Affairs to apply a block in the Australia Document Verification Service (DVS) system on your behalf. This block will mean that your passport number cannot be used for digital verification, but it can still be used to verify your identity in-person as required, such as for the purposes of taking out a loan.

With these steps in place, you should not need to replace your passport.

If you have not renewed your passport since becoming an Optus customer and you still have concerns, please contact the New Zealand Department of Internal Affairs to discuss your options at www.passports.govt.nz/optus.
Click to expand...
 
SYD said:
Optus are now issuing promo codes for the free 12 mth subscription to Equifax Protect.

I popped into my local Optus store yesterday and they issued me the code. Which didn’t work initially, so I went back today - turns out the person forget to mention that there‘s a special link and you’ll need to set up a new account with a different email address (if you already have a login).

Optus Equifax Protect 12 month subscription

www.equifax.com.au www.equifax.com.au

Once in, you can a range of financial and identification items for monitoring, as well as the usual credit rating/score plus monthly report.
Click to expand...
Received my code when I asked for one via messaging in the app
 
Add VinoMofo to the list of recent breaches. Just received an email from them. Seems to be contact details etc that have been exfiltrated

Vinomofo experienced a cyber security incident where an unauthorised third party unlawfully accessed our database on a testing platform that is not linked to our live Vinomofo website.
Click to expand...

Testing platform using their real customer database. Somehow adding that it's not linked to their live website is now meant to make me feel better?! 🤦‍♂️
 
Daver6 said:
Add VinoMofo to the list of recent breaches. Just received an email from them. Seems to be contact details etc that have been exfiltrated



Testing platform using their real customer database. Somehow adding that it's not linked to their live website is now meant to make me feel better?! 🤦‍♂️
Click to expand...
Not happy given every organisation should now be aware it is duck season.
 
SYD said:
I meant to mention “Credit ban” in my first post. I haven’t done it yet (I wasn’t entirely sure of the consequence but will do it shortly).
Click to expand...


That’s good advice and I am not sure if it has been officially sanctioned, however it ought to be.

You are entitled to be upset with Optus since they appear to have done little or nothing to prevent this. There are suggestions that the lack of preventative controls in place even translates to encouragement for this data leak breach (allegedly).

As we live in a commercial world, feel free to vote with your feet. Businesses scream when Governements intervene and legislate during periods of market failure. Despite my laissez-faire leaning I would be circumspect to oppose any further data security legislative intervention.
 
Sponsored Post

Struggling to use your Frequent Flyer Points?

Frequent Flyer Concierge takes the hard work out of finding award availability and redeeming your frequent flyer or credit card points for flights.

Using their expert knowledge and specialised tools, the Frequent Flyer Concierge team at Frequent Flyer Concierge will help you book a great trip that maximises the value for your points.

Another data theft dating back to January with some pretty unconvincing explanations, to me at least, why it hadn't been disclosed earlier. It appears that the only way to get companies to take Cyber security seriously is to ensure that the fines for sloppy IT security far exceed the costs of putting proper defences in place. Hopefully the currently proposed bill will have sufficient teeth to be effective.

www.abc.net.au

Sensitive healthcare information posted to the dark web, as another cyber attack is revealed

Australian Clinical Labs will today start contacting 223,000 people whose data was stolen when the company was the target of a cyber attack in February.
www.abc.net.au www.abc.net.au
 

Enhance your AFF viewing experience!!

From just $6 we'll remove all advertisements so that you can enjoy a cleaner and uninterupted viewing experience.

And you'll be supporting us so that we can continue to provide this valuable resource :)


Sample AFF with no advertisements? More..

Recent Posts

Currently Active Users

... and 7 more.
Total: 1,105 (members: 57, guests: 1,048)
Back
Top