Optus data breach fallout: how would the frequent travellers be affected anymore than the general public?

4 replies

XWu

Member since 09 May 2020

Total posts 197

Thinking about the fallout from the data breach from a major Telco (apparently the MVNO service resellers using Optus are not affected) involving name, residential address, email address, date of birth, driver license (card and maybe license number), passport details and now Medicare ID number (which is effectively the default federal identification number).

Everyone affected by this breach had similar issues with ID problem particularly phone banking or any services involving human interaction (which the data breach would supply ample details to ID someone over the phone), ironically human interaction is probably more common and the weakest link in remote (phone or internet) service provision, particularly with lost password and stolen phone resulting in illegal gaining access to various critical account.

Wondering if other business/frequent travellers have additional or unique concerns about the Optus breach compared to the general public.

sid

Member since 07 Jan 2011

Total posts 208

If your passport number changes it's also likely any visas or ESTA-type authorisations are also invalidated.

XWu

Member since 09 May 2020

Total posts 197

Originally Posted by sid

If your passport number changes it's also likely any visas or ESTA-type authorisations are also invalidated.

Thanks SID. I guess all international travel related matters would have to change when linking it to the passport, which makes it hard for if you have visas with some countries more than others, particularly when there is some explanation required (wonder if it would have been easy to say the passport is stolen rather than data breach/ potential ID theft where more questions and evidence is required).


Vaccination declaration etc



Last editedby XWu at Sep 29, 2022, 04:05 PM.

Racala

Qantas - Qantas Frequent Flyer

Member since 22 May 2018

Total posts 67

I wish to inject an alternative view into what's happening.

I believe that the hack was undertaken by a group of uni students. They just demanded 1m us in bit coin (really someone would be looking at 20 plus for this).. my theory is that after the original disclosures they hit the worry button.. with every one after them including the fbi.

Has anyone have their bank accounts attacked .. answer No.. has anyone had their passport/drivers licence hacked ..answer No

we have a huge panic!!!!

XWu

Member since 09 May 2020

Total posts 197

Originally Posted by Racala

I wish to inject an alternative view into what's happening.

I believe that the hack was undertaken by a group of uni students. They just demanded 1m us in bit coin (really someone would be looking at 20 plus for this).. my theory is that after the original disclosures they hit the worry button.. with every one after them including the fbi.

Has anyone have their bank accounts attacked .. answer No.. has anyone had their passport/drivers licence hacked ..answer No

we have a huge panic!!!!


From the sound of it, I don't think you understand the implications of the Optus data breach affecting 10 million people and involving the 100 point ID verification process

I would be worried if uni students can do this, as it meant a group of professionals can do better and do this will more intent and readiness to use the data themselves rather than sell it on the dark web

And then the response of the Optus and the government officials is even more worrying

Optus asking for and keeping unnecessary data (some people involved are those who applied for a product but ended up not getting it but yet their data remained on the file and they were informed as part of the breach)

Optus taking more than 24 hours (more like 48) after media announcement to inform individual customers affected

Optus still have not informed many of these customers specifically which ID data is compromised

NSW government initially announced they will help with change of license but now says they will not change license number just card number unless Optus specifically says license number is compromised (unlike most other states)

Federal government taking a few days before allowing passport to be changed on the basis of Optus breach

AFP waited 9 days before taking over the incident affecting more than 1/3 population of Oz (even if Optus handled it well, they would have still needed to be involved early, and it was clear Optus wasn't managing it well)

Federal government should realise the National 100 point ID check is now severely compromised but still trying to organise an alternative and collaboration with commercial entities

Banks and organisations coming saying the info will not be helpful getting into the online accounts as long as password is ok, but everyone knows that the issue is when you use call centres for help and “forgot password “ and the data breach has all you need to prove who you are on the phone (or rather pretend to be someone else)

The 100 point ID is compromised, and you can apply for anything online and providing a different contact details (so you are not informed of the application) and if something hits the fan when your ID is used to do something illegal or compromise your credit history the first time you know about it is a long way down the track when the damage is irreparable


Last editedby XWu at Oct 01, 2022, 06:30 AM.
Last editedby XWu at Oct 01, 2022, 06:33 AM.

Hi Guest, join in the discussion on Optus data breach fallout: how would the frequent travellers be affected anymore than the general public?

Attach Files