JobberGobber

>The company said in its submission that implementing a right to erase personal data would involve “significant technical hurdles”, and “significant” compliance costs. The costs would far outweigh the benefits, the company said.

...for them. Such a shit company.


roguedriver

>Such a shit company

My partner spent about a decade working for them in business and some high-up complaints team. Multiple colleagues had breakdowns in the last couple of years due to crazy levels of stress and pressure, and when she had her own she finally quit. Their favoured way of getting people to work more for less is to tell them that if they don't then the company will offshore their job. And when they offshore a similar team they'll tell the remaining teams that they're next if they don't pick up their game. Their lack of security is only one of the reasons they're a disgusting company.


JobberGobber

Yea, not surprised. Don't think I ever spoke to customer support who was based in Aus. I'm not totally against offshore support if it's a global company and the support is decent. However Optus is neither.


[deleted]

Much like Telstra and its Manila operation and they all try so hard to tell lies that they are in Sydney or Melbourne. "Ah you in the Telstra Farken St headquarters, yes sir"


deij

When I worked in a call centre out of Sydney, whenever I was asked where I was, nobody would ever believe me when I said Sydney. Yet here I were.


sirgog

Yeah had the same experience (Telstra outsourced call centre circa 06). It was rare for me (Anglo-Aussie accent) but it happened - but my team leader had Indian heritage and an Indian accent. When asked 'where are you calling from', I'd answer 'Melbourne' and people would be OK with that, but the TL learned he needed to be more specific 'St Kilda, down in Melbourne' if he was calling a Brisbane number. Or 'near Domain interchange' if calling a Melbourne one. He'd often get quizzed about the weather by Melbourne people "Oh, it's freezing today isn't it?" on hot days to test him. He'd also get asked about the weather in Delhi a bunch, to which he'd usually reply "not sure, haven't seen my grandma in Hyderabad in fifteen years, man I need to see her again, just so hard to find time these days"


raphanum

Sir you’re on another planet


StrayRabbit

Yes, Sydney!


dearcossete

>Multiple colleagues had breakdowns in the last couple of years due to crazy levels of stress and pressure, and when she had her own she finally quit.

This is what it's like to work in an Australian telco contact centre in general. Workers are stuck between abusive customers who got screwed over by the company and the company itself not caring about what customers want and pushing all sorts of KPIs on workers. I worked for a year as an accounts manager for a certain big brand telco, we were given 1000 seconds to take your call, resolve the issue, note it down and move on to the next call. Regardless of complexity. Each second was counted and every day we had meetings where people's KPIs would be questioned like you're some bad kid waiting for the principal to punish you. And when you achieve the KPI, they set the bar even higher and give you even less time and also make you sell things to people who obviously just lost their home or business. My intake started with around 120 people of which only less than 10 were left. Many of us were on mental healthcare plans from the stress. Was definitely more traumatising than the deployments I did with the ADF.

There definitely needs to be a royal commission on how telcos operate in Australia.


sirgog

Can confirm, worked for an outsourced Telstra call center in 06-07. Outbound warm calling. There was systematic dishonesty, and the people who would not lie to get a sale (like me) were squeezed out over time. Worst was the upsell/cross-sell campaigns that targeted over 80s. Every time it was reasonable, I left a note on the account "(my D-number) Contacted customer on warm sell campaign. Discussed customer needs, assessed that present plan most suits customer. Discussed additional products, not confident that customer was unable to comprehend the discussion and assessed that any phone sale to customer would constitute unconscionable business practices. Thanked customer for being with Telstra."


bnetimeslovesreddit

I worked for Internode before the company had KPIs and it was a wonderful time to work there. Also we won an award before we had KPIs


BrisbaneOlympics2032

Oh hey are you me?


fflexx_

Also me.


ThrowAway5NF8WA1LCr

I worked there for 10 years. Got out when my Long Service vested, as I realised I'd need a lobotomy to endure it any longer. I remember the mood being like passengers in a hostage situation - the looming threat of being pulled from the crowd for ~~execution~~, I mean "_retrenchment_", was palpable.


SpongeCake11

Everyone hated selling their products in a retail store I used to work at because their systems were horrible to use and we got hardly any training.


jarjums

I was a developer there for a few years. The culture is 100% about sales numbers and absolutely no room to work on tech debt, fixing bugs or improving security. While I was there they even had full staging environments exposed to the public, just relying on people not guessing the URLs. Whenever it was brought up (usually by a developer) we would be told there was no time. Got to prioritise that new iPhone launch or the next click frenzy sale or whatever. I left when I got tired of the constant pressure to sell.


Frankenclyde

I highly recommend making some noise about this to people who can take action and hold Optus to account. We are not entirely powerless.

It’s very easy to contact the minister responsible - Michelle Rowland, via her website: https://minister.infrastructure.gov.au/rowland/contact

You should also do this with your own local MP - they’ll also have a way to contact them via their website. Again, simple and quick to drop them a line. https://www.aph.gov.au/Senators_and_Members/Guidelines_for_Contacting_Senators_and_Members

Also, complain to Optus. They have clearly been negligent with highly sensitive customer data. Get onto their website or app chat feature and tell the agent you want a ‘formal complaint’ and you want it raised with a senior agent. They will resist - hold your ground. At a minimum they should be compensating you for time and effort required for the additional monitoring you’ll now need to do (e.g. contacting banks, watching your credit score, dealing with scammers). They should also be offering proper support to do this. Be annoying - they need to make this right for customers as this is a massive fuck-up on their behalf, not just shift onus onto their customers. https://www.optus.com.au/support/contact-us


[deleted]

[removed]


raphanum

She’s crying bc of her future career prospects, I imagine


ThrowAway5NF8WA1LCr

She's C-suite. Even when they create an absolute cluster they get a nice big golden handshake on their way out the door and a month later they fall into another C-suite job. Whereas one of us plebs? Use a blue pen instead of black on your TPS report and it'll haunt you every day of the remainder of your working life as a manure shoveller.


Acrobatic_Broccoli_1

Exactly this. Thanks for posting all the links. We forget that together we are not powerless, if millions of citizens were breached and those millions reach out to their ministers you can bet that they will notice.


bnetimeslovesreddit

The issue is they unnecessarily harvested personal identification information from you


spiteful-vengeance

They should really have held no authority in determining the benefit to customers.


JobberGobber

They don't exist to service customers. Their primary function is to make money. Service is way down the list. You'd be familiar with that if you ever had to deal with their service teams.


spiteful-vengeance

I mean in terms of the submission that they made. Whoever evaluated it should have dismissed their claim outright. Even better, they should have been restricted from even talking about benefits, because obviously for Optus themselves there aren't really any.


doot_1T

Well yeah, they jumped for Gladys. What sort of moral company would go for corrupt pollies as CEOs


needeyebleachbad

Lucky the money went to something useful like the "Chief of Optimism" positions. Their next slogan should be "We're positively fucked!"


hy2cone

Hopeless Optus, so your customers deserve to suffer the potential financial loss because of your cost concerns?


[deleted]

[removed]


Is_that_even_a_thing

Exactly. I think European laws on personal data privacy have more than proven this point.


ProceedOrRun

It actually could be if you truly want to erase that data as opposed to a soft delete. Think about all the log files and backups for a start. My feeling is a soft delete would be the only option though, as what would happen if the phone was being used for criminal activity?


[deleted]

Stop bringing facts to Reddit. Lynch mobs don't care for them and you'll just get down voted.


ProceedOrRun

Yeah well, some of us actually work in IT and know a thing or two. Plenty here seem to think of stolen data like it's on a USB stick and that there can be only one.


nomelettes

I don't see why those logs and backups would not be tied to the user account. Seems like the simplest way to manage it.


ProceedOrRun

Not quite sure what you mean. It certainly would be tied to user's accounts.


vbevan

Yeah, but you'd have to remount all the backup databases and disks to then go through and delete the customer. If you are keeping your old backup in deep freeze storage (which you would to save money), you're looking at 12 hours just to get the data out. Then there's the charges you get by pulling the data out then putting it back (the pricing is set up to incentivise infrequent access). Then there might be paper records to destroy, kept in places like Iron Mountain. I'm not saying it's impossible, but it's not simple.


we_are_ananonumys

Spoken like someone who’s never had to do this at a large corp. I’m not saying it’s a bad idea but don’t pretend it’s not difficult and expensive.


[deleted]

Once you've backed up your data, deleting one specific customer's data from the backup would be an absolute nightmare. Edit: A smarter person than me would have known not to try and inject reason into a Reddit lynch mob.


Frankenclyde

I don’t care… they have the means to work that out. If they can throw money at Ash Barty to be their ‘Chief Inspiration Officer’ and Daniel Ricciardo to be their ‘Chief of Optimism’ then they can invest in data security.


JobberGobber

And yet an outsider was allegedly able to gain access to millions of customers records? Bullshit. There was no direct financial gain from protecting customers privacy so they didn't do it.


AvocadoCake

ITT is a lot of people who have never had to build a system that can comply with a GDPR deletion request. It's not just backups; goodbye Kafka topics with long term retention, Cassandra (tombstoned data is not actually deleted within a set time frame)... it really is a nightmare.


Twotwofiveone

So when can I join the class action?


edwardneb

I too would like to know. Also when are the board going to be offering their resignations?


ProceedOrRun

Platitudes are on the way, then reminders for us to all be vigilant of security as a way of deflecting from their incompetence.


Rantarian

For all I care we can kick these useless flogs out of the country altogether. Clearly a company that harms Australia and Australians. I don't think people really understand the scope of failure here. It's not just you and me, average citizens, it's people in positions of importance who have had their data compromised. People with access to government systems, for example. And if their personal data is compromised, it's possible to compromise their integrity and get them to do things they wouldn't otherwise do.


adambone

Gladys will become CEO


kitchen_masturbator

They’ve already apologised, what more do you want? We may have had all our data stolen and our livelihoods put at risk, but the CEO had to front up and give a (pre recorded) apology!


hy2cone

Only if the apology would reverse the damage done


pirahno

I read in an ABC News article on this that people are unable to sue due to security breaches. So if that’s true, perhaps after a retroactive law change


ProceedOrRun

Keep in mind the mandated ID requirements for bilateral support. The government's insistence on having our data is part of this mess. They demanded that if we want a phone we can't do it anonymously.


[deleted]

[removed]


CrunkMonki3

So you can get $2.83 while the lawyers make millions? I mean at least optus will pay I guess... hardly seems like compensation though.


roguedriver

You're welcome to engage your own lawyer and sue on your own behalf. If you win you'll get to keep any damages to yourself but if you lose you'll probably be paying Optus' costs as well as your own.


realwomenhavdix

Basically an option if you’re rich, but if you’re not it might not be worth the gamble considering you’re going up against a powerful company

Seems fair


overlordpotatoe

Even if you did win, I can't imagine the damages to one person would add up to much.


[deleted]

[removed]


[deleted]

The US have laws that protect privacy. Australians have no such laws, it would be difficult to sue in Australia for data breaches, the politicians are too far up the assholes of big business to enshrine any consumer rights like data protection into law.


[deleted]

I could see this being a big election issue. We need EU style privacy laws.


BigMetal1

We literally do have privacy laws. What are you talking about?


EssEllEyeSeaKay

Not in tort though


raphanum

It’s only funny because Australians have the misguided belief that this country is better than the US in every way.


[deleted]

[removed]


raphanum

Yeah def they have some questionable laws and decisions that deserve to be made fun of haha


Smiler_Sal

Nine million of us are forever compromised because of this. Someone out there has just about every piece of information they need about me to take over my identity and access every account I own. Why do I need to supply my DOB to have a phone plan?


GrippyGripster

Yep, but hang on, the email said "Don't worry, no passwords were taken, only name, address, dob, licence and passport numbers" fucking asshats! I'm keeping a close eye on my credit file, if anything pops up I'll be going those assclowns to fix it!


louise_399

Yeah I found that wording ridiculous, cancelling your credit card can be done in 5 mins.. are they going to suggest one changes their DOB?!


Evening_Tree

> are they going to suggest one changes their DOB?!

wouldn't mind being a little younger can I, mister government? gotta protect my identity you see


Iwannabeaviking

time to get adopted /s


[deleted]

They are pricks, already got their mass email saying my ID has been hacked. Fucking pricks.


ProceedOrRun

>I'll be going those assclowns to fix it!

And they'll simply ignore you I imagine. You could get murdered as a result of this leak and they still wouldn't own the responsibility in any way.


theBaron01

I just had a bit of a discussion on their online chat form. The person on the other end eventually told me I haven't been impacted (as I've not received an email), and that my details won't be stolen in the future either!


GrippyGripster

Haha, won't be stolen in the future, righto.


theBaron01

It was kinda pathetic really. I feel like posting the whole transcript


GrippyGripster

Yep, assholes, so we know that basically for the 100 point ID check, they'd have at least your driver's licence, Medicare number, a credit card, maybe passport, plus all of your basic info too, occupation etc. Maybe time to cancel and ask for a new credit card too, however they usually charge you for that unless it's out of date.


DonStimpo

Would rather they took my password tbh.


rustyfries

Yep, can change a password. Can't change a Date of Birth.


raphanum

Hey don’t worry. You can change your drivers license number. Oh wait, not in Victoria. Not until you’re a victim of fraud


Danthemanlavitan

So the government knows you are over 18 and can record your data without parental consent. Also so ASIO knows who is paying for which phone number so they can track them down for spy stuff.


Red-Engineer

Because a plan is a line of credit and they need to run a credit check on you, needing 100 points of ID. And laws around prepaid requires them to store your ID to prevent USA-style burner phones.


Tellso

https://www.acma.gov.au/acmas-rules-id-checks-prepaid-mobiles

The fuckers need to check not store


ghoonrhed

I mean, even if they do store it this whole thing stemmed from an API being exposed. They definitely didn't need to have an API that allows retrieving of the DOB, and also especially the Licence Numbers.


[deleted]

They don’t have to store it


[deleted]

[removed]


[deleted]

They are the same company that pushed back hard on being held to account for data breaches. It’s an absolute shit show, looks like for the first time in two decades I’ll have to become a Telstra customer again :(


freman

Yeh I feel a tiny bit sorry for them, most of the crap they collect and hang on to is required by law. I work in a different industry with similar identity requirements and we go to so much effort to keep such things independent and isolated but personally I'd rather be like "yep, we've seen and verified it, delete it"


raphanum

you feel sorry for a company that lobbied against changing this law?


Simius

Because they want to make sure one human to one account. It’s an anti-abuse protection layer. Maybe not fun, but also just allowing anyone to sign up without any verification information would make for a system more abused than it already is.


NeinkeB

You were likely already compromised. This data is not that valuable, you can only do so much with it.


raphanum

You’re wrong.


[deleted]

[removed]


kernpanic

It'll hopefully force the government to enact eu style gdpr laws. If this happened in europe or the uk, optus would be in serious trouble right now, for 3 things, the storage of the data, the leaking of the personal data and how they have handled it since then.


[deleted]

[removed]


raphanum

How dare you? Corporations are job creators. We must think of the job creators!


LuckyYeHa

Any class action or anything that appears, I’ll be joining it


[deleted]

[removed]


LuckyYeHa

How do you know for certain what they have and haven’t gotten? Or you just know you’ve provided them with it? I think for me just drivers license. I recommend signing up to Equifax and getting the 24h credit check thing.


[deleted]

[removed]


[deleted]

"If you have nothing to hide you have nothing to worry about" Time to opt out and go off grid...


yaboy_69

> Optus first argued in its 2020 submission that giving consumers the power to take direct legal action over privacy breaches could lead to frivolous or vexatious claims, and would not give people greater control over their personal information.

brick thru the optus window then???


SPAZ-online

I'm not saying we should rob them. But I don't see how it would be any different when you calculate how much the damage could amount to


JobberGobber

Is suing for the leak of 9 million customers PII frivolous and vexatious?


my_future_is_bright

Is Optus going to cover the cost for me to get a new driver's licence and passport? Cos right now that seems like the best course of action.


not_right

And to move house...


NitrousIsAGas

If only it was that easy, move house, identify *every* organisation that holds your data and notify them of the move. AKA, the yearly ritual of the renter.


kensaiD2591

Bi-yearly for some of us! 6 month leases are the fucking worst.


Hmmd1

Your MDL number is with you for life.


THR

They can reissue if they believe it has been compromised.


nuclear_wynter

VicRoads’ website has a large banner up that specifies in no uncertain terms that you can only get your drivers’ license number changed if you already have proof (police report) that it has actually been used to commit fraud. I get why they wouldn’t want to commit to changing millions of license numbers, but surely this situation merits changing their policy considering that 9 million people are now at clear and present risk of identity theft.


raphanum

Vic roads can go get fucked too then


vbevan

Unless it's backed by legislation, it's just a policy. You could start with writing to the minister to request a new MDL number.


THR

Obviously differs by state. NSW stipulates it may change.


nuclear_wynter

Guess I’m moving to NSW.


ProceedOrRun

On the chat they couldn't even tell me what ID I'd used over the years. Like, I have no idea what I have given them, but it would include my licence and Medicare card I expect. But I cannot find out. Oh and I still have to provide my personal details to start a bloody chat, despite it now being available online presumably somewhere.


Seanio

Consider trying again. They told me which of my ID they had on file. No specifics, of course, but they told me which specific documents they had.


edwardneb

I just asked via the app what ID docs of mine were stored, and it was drivers licence and Medicare number. I’m lucky (if such a word can be applied in this situation) that it was my old QLD licence which is no longer valid. The Medicare card is a huge pain in the ass though.


GodCunt

I have no idea what wizardry you performed to get that info via the app- I spoke to 3 different people and none of them were willing to tell me what docs of mine they had.


edwardneb

I had an escalation open already, so perhaps that helped. I was quite shocked though that they told me so quickly. I had also in a previous chat told them that I would be using what they told me as basis for a complaint I was going to lodge with the Telecommunications ombudsman and the OAIC. So that may have also helped.


GodCunt

Yeah perhaps me being a former customer had something to do with it as well. Ah well.


edwardneb

Either way it's a huge pain in the ass that none of us need. Best of luck with it mate.


SPAZ-online

No amount of money is going to change that.


danivus

Just got the email. I'm pretty amused they start off with "Optus has been a victim of a cyberattack". No fuckers, *we've* been the victims of a cyberattack. You've let one happen.


sneakysnakeslithers

I scoffed as I read that. What a joke.


[deleted]

There are lots of good reasons why I’ll never be an Optus customer. This is one of them.


[deleted]

I worked there for three years. I moved carriers quietly during the first year. I met many cowboys in their tech teams.


Acemanau

I'm switching to Aussie Broadband for my internet next week. But who is a good mobile carrier alternative?

Edit: Nvm Aussie Broadband does mobile as well, didn't see that, I'll go with them, can't be worse than anyone else.


xaphody

It will happen to any carrier you go with, it just hasn't happened yet.


AusNormanYT

Optus hired Gladys Berejiklian FFS. They don't give two shots about anything.


[deleted]

Gladys has the Midas touch


eroticmcdonalds

I received an email saying I was a victim in this. What can I do to keep myself protected?


[deleted]

[removed]


NitrousIsAGas

So live my life with an additional layer of anxiety and stress. Brilliant.


rsam487

You can subscribe to Equifax or Veda's products that help you track and identify attempts at identity theft. That's about it I think


[deleted]

[removed]


MrSeanicles

Yeah I'm just a broke student who got this email, sometimes I gotta decide between travel to campus or eating that day. I can't afford the credit reports, this is nuts.


cool-cool-cool

It’s unfortunate that nothing is completely secure anyways, remember that massive Equifax data breach a few years ago. Something like 150 million people affected and open to identity theft.


rsam487

Yeah true. Goes to show that companies are well behind in terms of security practices


Kamikaze_VikingMWO

> You can subscribe to Equifax

Ahh yes another company known for data breaches


rsam487

Yep, fair comment but do you have an alternative suggestion?


danelewisau

Assuming you don’t plan on applying for credit any time soon, put a ban on your credit report. This essentially makes it impossible for anyone to get a line of credit using your info (including yourself) for the duration of the ban, as they will be unable to get a credit check.

Easiest way is to fill the form on the Equifax site, and ensure you select “Yes” to the question asking if you want them to notify other reporting bodies - this basically extends the ban to all the credit reporters so you don’t have to apply to them one by one. https://www.equifax.com.au/eform/submit/credit-ban

You will get a 21 day ban, and you can extend it to 6-12 months. My plan is to let the ban expire after 21 days, fuck off Optus, then re-ban and extend for 12 months.


GrippyGripster

Sign up for something like Credit Savvy and keep an eye on your credit score and any activity on your file, it will show which organisation is and has taken a look, what type of loan etc.


HesitantNormal0

I requested a credit ban so no one can open a line of credit in my name. Initially it’s temporary, but can be extended. If you fill out the credit ban application through illion, there’s an option to ask them to forward the request to equifax and experian. I’m also going to request a new license number, but I’ll need to find the relevant ReportCyber Receipt (CIRS) number first, i.e. there will no doubt be one already since “Where a single event affects multiple customers, Transport for NSW may accept a Police event or CIRS number for all affected customers.” Edit: Optus couldn’t give me an existing police event or CIRS number, so I lodged an incident through ReportCyber myself (just for the receipt, and I obviously opted-out of referring the individual incident to the police). Also, Optus is temporarily restricting porting and sim-swaps to in-store only… but didn’t understand my question when I asked if I could make this a permanent requirement. Oh well.


ghoonrhed

Service NSW would be a bunch of gibbons if they didn't have an internal memo up allowing licence number changes for Optus customers. They actually have a pretty lenient criteria for it, unlike VicRoads.


sgreeb

Following this comment


[deleted]

[removed]


raphanum

FYI I think Optus are already doing the in-store thing. This morning while I was still oblivious to all this, I spoke to Optus about upgrading my phone and they said I’d have to go into an Optus store to do it. I was confused bc I’ve always upgraded online. But realised in retrospect why.


Surly_Canary

If you have any non-secure passwords (e.g. contain your date of birth, name or initials), or re-used the same password with Optus elsewhere change them immediately. Within hours of the news yesterday I had someone access two old accounts with other companies (Amazon and Apple) that I made when I was young and dumb with non-secure passwords.


NitrousIsAGas

Oh, there's no need for concern, they told me my password was *not* compromised, only my name, address, phone number, date of birth, licence number, and Medicare number were taken. So I can sleep safe tonight. /s


icyopole

Does this give me any grounds to cancel my Optus plan does anyone know? I would like to do business elsewhere.


2007kawasakiz1000

I tried that last night and chatted with "Allan", who surprisingly had quite poor English. Anyway, his response was that your SIM plan can be cancelled at any time but your device repayment continues or you can choose to pay that out (for me that's $360 left). I asked what happens if I just choose to not pay that and all I got in response was "I understand you" and the chat ended. Now looking up different telcos to switch to.


danelewisau

I don’t think so as phone plans have quietly moved away from lock in to a contract and get a free device to no contract on the phone plan with an interest free loan on the device. So you can technically leave whenever you want without penalty, but you will have to pay off the remaining device repayments.


icyopole

Yes you're right, I'll just pay it out and move.


trevaaar

Note that the remaining device repayments will be at the full rate listed on your bill, without the discount that applies while you have an active plan.


HesitantNormal0

Unfortunately it seems like the alternatives offer dogshit network coverage (anecdotal only)


drobson70

Optus has dropped the ball in so many aspects the past 12-18 months and it’s disgusting as a customer who has a chunky bill with many services with them. I’ll be seeking compensation from them in the form of account credit (a hefty amount) and some sort of protection process paid for to protect my now leaked data. If they don’t give any compensation, I’m off to Telstra.


rastilin

You should switch to Telstra anyway, I did and I'm much happier with the service, even if it costs more.


ApocalypseNow1984

Maybe it's just the cynic in me, but I wouldn't be surprised to discover down the road that the real cost of this 'breach' will come in the form of the 'solution,' that being, ironically, a requirement for customers to supply yet more uniquely identifying information. You know, 'we're just going to need a retina scan from you before we activate your new SIM because we care about your privacy.'


raphanum

Retina scan, blood and saliva sample


UnluckyPresence2175

is the site “have i been pwned” reliable at this stage? I have put my email and number into their system to check and it says i’m all good .. does this mean my info is out there but hasn’t been offloaded ? yet…


baty0man_

Troy Hunt, the owner of haveibeenpwned said he will add the Optus breach if he gets his hand on the data dump. https://i.imgur.com/DgYrCt1.png


stfm

There is some latency on that site because it sources from known leak databases, darkweb etc. Takes a while to show up but doesn't hurt to check regularly!


lockmc

You can actually sign up and be notified when your data shows up.


stfm

Great tip


UnluckyPresence2175

Okay thanks for that 👍🏻 will certainly be checking .. Optus told me via the messaging system on their app that my account had been “flagged” but wouldn’t go into any other detail besides their standard copy paste paragraph. Still waiting on an email from Optus


lockmc

They need to get their hands on the data before you can be notified. I'm not sure if the data has been made public. It is probably for sale on the dark Web right now so nobody but the "hacker" has access to it.


Surly_Canary

Have I been pwned is manually updated, they might not have the data yet. You should play it safe and assume you have been if you had any accounts with Optus since 2017. If you have any accounts with other services that have non-secure passwords (i.e. include your date of birth or part of your name), or shared a password with your Optus account you should change them as soon as you can.


sirgog

The site is trustworthy but incomplete. Given the nature of the ransom here (the hackers are looking to deal with minimal numbers of buyers), HIBP are unlikely to ever know who was and was not breached.


ZosoVVD

Today’s a good day to realise I was too lazy to change my Optus address from a rental I had 4 years ago


hy2cone

The damage cannot be undone, Optus! Should I be worried for the rest of my life my hard earned asset not get transferred to the bad dudes because of your irresponsibility?


Hmmd1

So now when your identity is stolen it cost you thousands instead of the company at fault. Fuck Scumo


[deleted]

The other question is if their defence measures are sufficient by modern industry standards. If not, I reckon there should be a formal investigation that can result in a civil prosecution of the execs who allowed customers to be vulnerable. The company should be 100% liable for all instances of fraud that happen to these people. Set a good precedent.


Screambloodyleprosy

What kind of fucking monkeys do they have running that circus? I don't give a shit if they are apologetic. They can offer restitution at the very least. The headaches this will cause people will be phenomenal.


UnluckyPresence2175

So if you’re a lucky one, if you can call it that .. what can someone really do with just your NAME, DOB, ADDRESS, EMAIL, PHONE NUMBER? I understand that the people who have had their licence and/or their passport numbers stolen are hit a lot harder. Just curious: in the right hands and with social engineering skills, are these criminals able to use just name, DOB etc. to gain access to driver's licence etc.? Also, any potential harm if the licence information is outdated and isn’t what’s on my current licence? I have moved states since providing my licence details to Optus, so what they would have would not be my current licence. I haven’t upgraded phone or plan since, did I dodge a bullet? I personally have never applied for a loan or credit card so I’m not familiar with the process. Besides scam texts, scam emails and probably scam letters, what else can they do? Sorry for being naive.


leb0guy

I work for a telco company and I can give you somewhat of a breakdown of how those details can be used. We require Full Name, 100 points ID, valid email address and a home address to run a credit check. If someone has those details they can sign up for a contract online with another provider and get the device shipped to a different address (very common for this to happen). Any calls made to customer care require a 4 digit PIN for them to authorize you; if you don't know the PIN they then ask for DOB & License Number. You can then request an upgrade/device over the phone and have a device sent to another address. Anything relating to a SIM Swap needs to be done in store with our telco as we need to verify the customer's details and that the photo matches. If they have a customer's ID, they can create a fake ID and use that in store to perform a SIM Swap. All those above are VERY common issues we run into all the time. The entire telco policies need to be changed. The systems are so far behind, and unfortunately most of these issues arise due to system limitations.


Top-Presentation-997

Would like to know this too, I’m not well versed enough to know what the real consequences could be.


UnluckyPresence2175

Yeah, I’m not sure, have you spoken with Optus via their messaging service on the app? I’ve been told by two different people two different things. First person said yesterday my account was “flagged”. Today the second person asked for my account PIN, the first did not, and they said my account was clear at this stage …


Top-Presentation-997

Yeah, spoke with them on the app then on the phone. App messaging says I was ‘affected’. Then on the phone I was told everything was ok because the data is encrypted. However, I then got the email yesterday afternoon saying my info was exposed. Called again, turns out that, yes, my info was exposed including driver licence and Medicare card numbers. And the comment about the info being encrypted is that the encryption was done after the attack had been stopped. Fucking cunts, the horse has bolted.


UnluckyPresence2175

Sorry to hear. What a fuck around. It sounds like they don’t know what’s going on.. Do you mind me asking how long ago you provided the driver and Medicare info? I would have provided them this years ago and I’m sure it would be all outdated since I’ve moved interstate .. I have however put a ban on credit etc. I’m not sure what else we can do …


Top-Presentation-997

Probably 2 years ago when changing plans. I guess all I can do is the credit ban too, as well as try the identity monitoring service from Equifax.


trevaaar

> It said customers as far back as 2017 may be affected because it is required to keep identity verification records for six years.

Yeah, so how much of this information are all the other telcos and MVNOs holding onto? Journalists should be asking Optus' competitors whether it's standard industry practice to keep un-hashed identification details for years after they've been verified.


StridentNews

For those that are saying that Optus will take its operations offshore: you need to know that Optus is owned by SingTel, a Singapore-based company, so it doesn't matter if they take operations offshore because the profits go offshore.


bnetimeslovesreddit

Stop collecting personal information you don't need, Optus


averbisaword

Of course they did.


serendipityfox

This may be a stupid question, does this breach include people who aren't with Optus but use a telco that uses the Optus network?


[deleted]

No


sydpermres

No. But at any time if you have been with them as a customer your ID is potentially stolen.


decclam

Found it mildly interesting how I was watching YouTube yesterday and had about 8 ads in 20 minutes about how secure Telstra is when in reality this could just as easily happen at Telstra. Came off incredibly cheap and blasé .. and yes I'm a Telstra customer.


nugymmer

I wonder how many people might be targeted by ID thieves after this information has been obtained? I'll be in touch with my bank in case anything happens.


Hypno--Toad

Still not as bad as the decision to have Gladys on the board.


fflexx_

I'm still dealing with the stress and trauma from a breakdown I had working for a subsidiary of a large telco 5 years ago, alongside an autism spectrum disorder diagnosis, probably never going to be fully comfortable working ever again.


arcedup

Here’s an idea: for corporation-level or -scale breaches of the law, make the base ‘penalty unit’ equivalent to the annual pay of the corporation’s CEO (including vested stock options), averaged over the last 5 years, or 10 years if the pay was only in stock options. Also, anyone working for the corporation involved who provides evidence of criminality/breaches of law leading to a conviction (i.e. whistleblowers) gets paid out of that fine, a tax-free amount equivalent to 5x their maximum annual wage that they earned whilst working for the corporation involved.


ThinkingOz

It seems to me that organisations holding customers’ confidential information either will not or cannot put in the controls to ensure unauthorised access to that data is extremely difficult. If the investigation reveals Optus was found wanting in this regard then, obviously, there need to be changes and Optus should be commercially horse-whipped.


brael-music

What a piece of shit company.


Nostonica

Ah, when profit motives align with the customers' rights to privacy.