Optus: How a massive data breach has exposed Australia

Last week, Australian telecommunications giant Optus revealed about 10,000,000 customers - about 40% of the population - had personal data stolen in what it calls a cyber-attack. Some experts say it may be the worst data breach in Australia’s history. But this week has seen more dramatic and messy developments - including ransom threats, tense public exchanges and scrutiny over whether this constituted a “hack” at all. It’s also ignited critical questions about how Australia handles data and privacy.

Optus - a subsidiary of Singapore Telecommunications Ltd - went public with the breach about 24 hours after it noticed suspicious activity on its network. Australia’s second-largest telecoms provider said current and former customers’ data was stolen - including names, birthdates, home addresses, phone and email contacts, and passport and driving licence numbers. It stressed that payment details and account passwords were not compromised.

Those whose passport or licence numbers were taken - roughly 2,800,000 million people - are at a “quite significant” risk of identity theft and fraud, the government has since said.

Optus said it was investigating the breach and had notified police, financial institutions, and government regulators. The breach appears to have originated overseas, local media reported.

Early on Saturday, an internet user published data samples on an online forum and demanded a ransom of $1m (A$1.5m; £938,000) in cryptocurrency from Optus. The company had a week to pay or the other stolen data would be sold off in batches, the person said. Investigators are yet to verify the user’s claims, but some experts quickly said the sample data - which contained about 100 records - appeared legitimate.

The government has called the breach “unprecedented” and blamed Optus, saying it “effectively left the window open” for sensitive data to be stolen. The breach highlights how much Australia lags behind other parts of the world on privacy and cyber issues, Cyber Security Minister Clare O’Neil says. “We are probably a decade behind… where we ought to be,” she told the ABC.

Hack or not, that is, indeed, “a massive data breach” … :scream:

Why would they need passport and driving license numbers? Especially since they don’t seem to have protected that information as much as they did payment information or passwords.

Your identity is one of your most valuable assets. If your identity is stolen, you can lose money and may find it difficult to get loans, credit cards or a mortgage.

Your name, address and date of birth provide enough information to create another ‘you’. An identity thief can use a number of methods to find out your personal information and will then use it to open bank accounts, take out credit cards and apply for state benefits in your name.

What signs should I look out for?

There are a number of signs to look out for that may mean you are or may become a victim of identity theft:

  • You have lost or have important documents stolen, such as your passport or driving licence.
  • Mail from your bank or utility provider doesn’t arrive.
  • Items that you don’t recognise appear on your bank or credit card statement.
  • You apply for state benefits, but are told you are already claiming.
  • You receive bills or receipts for goods or services you haven’t asked for.
  • You are refused financial services, credit cards or a loan, despite having a good credit rating.
  • You receive letters in your name from solicitors or debt collectors for debts that aren’t yours.

Because to buy a SIM card or register a SIM you have to provide 100 points of ID; a passport or Driving Licence gives you 70 points in one go. Most people use a Driving Licence and Medicare card.

What was wrong was that they held on to that information.