Optus Data Breach

[EBSXR6]

https://www.abc.net.au/news/2022-09-...ers-/101466036

[russellw]

It's way at the more serious end of the scale if only because (unlike most breaches) it includes identifying information including addresses and (in some cases) ID document details.

I'm sure their head of IT Security will be looking for a new job shortly.

These companies (and Government organisations too) insist on being given our personal data and think that an apology is sufficient when they fail to actually protect that data from malicious agents - well it's not.

[tweeked]

Yeah, losing control of passwords is one thing, a pain for everyone to change but pretty simple. Changing your name and date of birth so your ID cannot be used in the future.....that is a bit trickier.

[jaydee]

Quote:

Originally Posted by russellw

It's way at the more serious end of the scale if only because (unlike most breaches) it includes identifying information including addresses and (in some cases) ID document details.

I'm sure their head of IT Security will be looking for a new job shortly.

These companies (and Government organisations too) insist on being given our personal data and think that an apology is sufficient when they fail to actually protect that data from malicious agents - well it's not.

Exactly, "All care taken, blah blah blah"
Meanwhile some poor schmuck gets hacked, identity stolen, frauds committed in your name and you have to clear your name and credit rating.
Then one day you're at a plane terminal somewhere and get arrested, chucked in prison.
It can take years to sort out.
Just not good enough.

[marty351]

In these circumstances, and in this age of cyber-everything; Is "plausible deniability" a legal protection recognised in law, especially when so much evidence can be used to prosecute or defend this situation?

[gutza]

Myself and my family have been with Vodafone for many, many years.

It always bugged me when upgrading, they would want to photocopy my D/L, Medicare, Debit/Credit card.

I know the authorities need to track potential criminal activities on the phones, but still ......

Anyway, in 2019, it finally happened ( although on a smaller scale ). Luckily we were not affected.

The owner of the Vodafone store in Tuggeranong (Canberra), was implicated and finally convicted of involvement in ID theft.

Here's a short news article for anyone interested.

https://the-riotact.com/former-vodaf...-scheme/529872

[Citroënbender]

The prospect of a major data breach is something I definitely worry about and these events totally (IMO) justify concerns about safety of data vested with others who are often all but inaccessible to the Everyman.

My next pondering on the Optus fail, is how many of the leaked data sets were kept “just because they could” - no longer current customers, retention periods outside of legal requirements.

Quote:

Originally Posted by marty351

In these circumstances, and in this age of cyber-everything; Is "plausible deniability" a legal protection recognised in law, especially when so much evidence can be used to prosecute or defend this situation?

With governments increasingly reversing the onus of proof, I don’t fancy your chances. Add “trial by social media” and if you’re painted black, you’re finished - whether fair or not.

[russellw]

As it currently stands in Australia, there is no repercussions against a company from a legislative standpoint unlike the EU model GDPR regulations which have stiff fines that peak at €10M but are doubled if there is negligence involved.

Likewise, some Europen countries have introduced criminal liability that can result in the prosecution of those deemed to have been negligent.

Apart from the damage to the Corporate reputation, there have also been successful class actions for 'damages' in other countries and there is a current one against Optus in Australia for a much smaller data breach in 2019.

[FroudeyBrand]

I find it funny that its quite a coincidence that days before the leak, someone used my licence to open up a up.com (bendigo bank) bank debit account.

[mondeomatureguy]

Hi Guy's
This is a very worrying thing that has happened with Optus. Its the older people like my mother inlaw who in her 80s that iam worrying about.
My wife phoned her and told her not to answer any e-mails, or txts and phone calls that she didnt know the number.

To go in person to a Optus Office and get details then go to your bank and have a chat with them.
I heard on the Radio that you can go and change your driver's Licence number just by going to a Service First Office.

[GT1533]

According to the ABC, changing your license number is quite difficult.


https://www.abc.net.au/news/2022-09-...bers/101475118

[mad2]

Quote:

Originally Posted by GT1533

According to the ABC, changing your license number is quite difficult.


https://www.abc.net.au/news/2022-09-...bers/101475118

depending on your state. think i read earlier that in vic it's a case of give us a call when someone has drained your account.......

[JasonACT]

It was reported today (though I think I saw it on the DailyMail - so.....?) that the people involved have deleted the archive and apologised for releasing 10,000 individual's private details.

https://www.dailymail.co.uk/news/art...sell-data.html

[T3rminator]

Quote:

Originally Posted by russellw

I'm sure their head of IT Security will be looking for a new job shortly.

That person is a relatively recent recruit from the Bank of England. That may save him. I think it will largely depend on how he handles this incident, rather than be responsible for letting the incident happen in the first place.

Their old CISO left in August, and only updated his Linkedin profile to say so a few days ago...after the hack!

Quote:

Originally Posted by russellw

As it currently stands in Australia, there is no repercussions against a company from a legislative standpoint unlike the EU model GDPR regulations which have stiff fines that peak at €10M but are doubled if there is negligence involved.

I think the OAIC can issue penalties. https://www.oaic.gov.au/about-us/our...ivil-penalties

And being a publicly listed company, I think ASIC may be able to apply some form of penalty as well.

[mad2]

Quote:

Originally Posted by GT1533

According to the ABC, changing your license number is quite difficult.


https://www.abc.net.au/news/2022-09-...bers/101475118

i now have the 'temp' licence decal whilst waiting for my new licence . . ....

[Itsme]

Quote:

Originally Posted by mad2

i now have the 'temp' licence decal whilst waiting for my new licence . . ....

I now have received the new licence from Vic Roads which is a big relief for me, now I'm weighing up my option who will be my new internet & mobile phones provider.

[xkxlxm]

I was a little bit surprised, when the Optus thing happened, to hear the CEO (?) say: "I am angry that there are people out there who will do this to our customers." (or words very close to that)

It seemed to show a very naive level of thought for someone in such a senior position. Of course these people are out there and it's your job to do everything possible to stop it happening.

[T3rminator]

Quote:

Originally Posted by xkxlxm

I was a little bit surprised, when the Optus thing happened, to hear the CEO (?) say: "I am angry that there are people out there who will do this to our customers." (or words very close to that)

It seemed to show a very naive level of thought for someone in such a senior position. Of course these people are out there and it's your job to do everything possible to stop it happening.

Train wreck interview. From what I have heard, the bad guys didn't have to "hack". A series of bad practices meant the data was made available on the internet. The bad guys just had to find it and take it.

[roKWiz]

Not really sure why we are so surprised about this, reckon it's only the tip of the iceberg before we see more state sponsored hacker having their way.

[J Arthur Rank]

A big part of the problem is the people in charge of these big (and small) companies have no idea about IT security or even IT principles in general - hence a dumbarse comment like the CEO made.