What to do about the Optus and future data breaches?

OZDUCK said:
Another data theft dating back to January with some pretty unconvincing explanations, to me at least, why it hadn't been disclosed earlier. It appears that the only way to get companies to take Cyber security seriously is to ensure that the fines for sloppy IT security far exceed the costs of putting proper defences in place. Hopefully the currently proposed bill will have sufficient teeth to be effective.

www.abc.net.au

Sensitive healthcare information posted to the dark web, as another cyber attack is revealed

Australian Clinical Labs will today start contacting 223,000 people whose data was stolen when the company was the target of a cyber attack in February.
www.abc.net.au www.abc.net.au
Click to expand...

Given they didn't believe data had been exfiltrated, is there an obligation to make an ASX announcement? I suspect not if not financially material.

Which part is unconvincing?
 
Struggling to Redeem Your Frequent Flyer Points?
The Frequent Flyer Concierge team takes the hard work out of finding reward seat availability. Using their expert knowledge and specialised tools, they'll help you book a great trip that maximises the value for your points.

AFF Supporters can remove this and all advertisements

It seems that most breaches have companies hoping for the best instead of preparing and acting as if it was the worst. that is why we get the drip feed as the reality of what happened is impressed upon them.
 
OATEK said:
It seems that most breaches have companies hoping for the best instead of preparing and acting as if it was the worst. that is why we get the drip feed as the reality of what happened is impressed upon them.
Click to expand...
And why do they need to keep all the data anyway? And particularly in an onlne database. In the UK, who have a lot more reason to be paranoid about terrorism etc, one can buy phone sim with nothing but a credit card or cash. No copying of passports, drivers licences etc. Some of the federal legislation introduced in the last 10 years is to blame for this.

Most banks these days still do not have 2FA security. Why not?
 
Daver6 said:
Given they didn't believe data had been exfiltrated, is there an obligation to make an ASX announcement? I suspect not if not financially material.

Which part is unconvincing?
Click to expand...
To me once they had been told in June, so over 4 months ago, that their customers data was available on the 'Dark Web' there was a need for warnings to be issued. Claims of analysing the data to decide who to warn seems doubtful to me.
 
serfty said:
A...1Using the URL methods referred to early in this thread I was able to ascertain that my driver's licence number and expiry as well as name address and DOB had been exposed. (I see that the URL method no longer works with the information now being masked.)
Click to expand...
I just received an email from Vicroads confirming my licence number was compromised. No new licence number but a new licence will be issued (presumably at Optus' cost). It is interesting regarding the new licence as there already is a "code" on the current one.

Dear <serfty> ,

We write to update you on how we are working to help fast track the security of your learner permit/driver licence data in response to the Optus data breach.

We have analysed the data provided to us by Optus, validated that against our database and can confirm your data is part of the Optus data breach.

You will soon receive a free re-designed driver licence card/learner permit that prominently displays a unique card number. This number is in addition to your licence number.

By the end of the year, when you use your licence for identity verification purposes (such as with a bank), you will be required to provide both of these numbers. This provides extra security and an extra layer of protection as the unique card number was not recorded by Optus or exposed in the data breach.
Click to expand...
 
Last edited:
OATEK said:
It seems that most breaches have companies hoping for the best instead of preparing and acting as if it was the worst. that is why we get the drip feed as the reality of what happened is impressed upon them.
Click to expand...
I'm still not sure why they need to store all the details of ID?

One field in the customer master

- ID sighted and verified? (Y/N)
 
serfty said:
I just received an email from Vicroads confirming my licence number was compromised. No new licence number but a new licence will be issued (presumably at Optus' cost). It is interesting regarding the new licence as there already is a "code" on the current one.
Click to expand...
I was in the same situation in NSW. Optus gave me the fee as a credit on my account. I got a replacement DL, with the same DL number but different card number
 
The Flying Schwartz said:
I was in the same situation in NSW. Optus gave me the fee as a credit on my account. I got a replacement DL, with the same DL number but different card number
Click to expand...
How did you go about that? Did you contact Optus first?
 
SYD said:
How did you go about that? Did you contact Optus first?
Click to expand...
No, they proactively sent me advice about what to do. I noticed my next months bill was reduced by (I think) $29 (the replacement fee). It was then up to me to go through the replacement process. I suppose I could’ve just pocketed the discount but I’m taking this seriously. The replacement was pretty easy, a few taps in the app, pay the $29 and the new DL was issued within a day or two digitally and got the physical card a few days after that.

I should also add that I was notified as having had some of my data exposed. If you weren’t in that cohort then you may not be eligible. I also took up the offer of the free 12 month’s security watch with Equifax.
 
Last edited:
The Flying Schwartz said:
No, they proactively sent me advice about what to do. I noticed my next months bill was reduced by (I think) $29 (the replacement fee). It was then up to me to go through the replacement process. I suppose I could’ve just pocketed the discount but I’m taking this seriously. The replacement was pretty easy, a few taps in the app, pay the $29 and the new DL was issued within a day or two digitally and got the physical card a few days after that.

I should also add that I was notified as having had some of my data exposed. If you weren’t in that cohort then you may not be eligible. I also took up the offer of the free 12 month’s security watch with Equifax.
Click to expand...
Interesting. They sent me a text a while back saying they only got my DL but not the card #. Nothing else since. As it turns out, I’d renewed my licence anyway (new card #). Maybe they figured the details they had had expired.

Yep, got the Equifax code a couple of weeks ago.
 
WARNING ... WARNING ... WARNING
Today I received a text message to "receive FREE Equifax Identify protection for recent cyberattack.visit" then a link to an Optus-Equifax.netify.app.

The link site is a designed to extract the few remaining sheckles you might have left in your bank account following the Optus hack.
 
Sponsored Post

Struggling to use your Frequent Flyer Points?

Frequent Flyer Concierge takes the hard work out of finding award availability and redeeming your frequent flyer or credit card points for flights.

Using their expert knowledge and specialised tools, the Frequent Flyer Concierge team at Frequent Flyer Concierge will help you book a great trip that maximises the value for your points.

prozac said:
WARNING ... WARNING ... WARNING
Today I received a text message to "receive FREE Equifax Identify protection for recent cyberattack.visit" then a link to an Optus-Equifax.netify.app.

The link site is a designed to extract the few remaining sheckles you might have left in your bank account following the Optus hack.
Click to expand...
Yes, I received a sign up code to use at Equifax's official website, not a link in a text. Scammers are obviously taking advantage 😒
 
prozac said:
You received that via email TFS?
Click to expand...
(TFS???) but yes, via an optus email on 30/9 along with a lot of other information. The code worked fine and I've accessed the Equifax service no dramas - it's given me one warning notification and I can even see my credit score 👍
 
The Flying Schwartz said:
(TFS???) but yes, via an optus email on 30/9 along with a lot of other information. The code worked fine and I've accessed the Equifax service no dramas - it's given me one warning notification and I can even see my credit score 👍
Click to expand...
I went to my local Optus shop and got the code from them. Others have said they got it through the app chat function.
 
Last edited:

Enhance your AFF viewing experience!!

From just $6 we'll remove all advertisements so that you can enjoy a cleaner and uninterupted viewing experience.

And you'll be supporting us so that we can continue to provide this valuable resource :)


Sample AFF with no advertisements? More..

Recent Posts

Currently Active Users

Total: 943 (members: 41, guests: 902)
Back
Top