Six days on, I’m a worried Optus customer still on hold
If Optus’ customer details database was as impenetrable as its chatbot service, we wouldn’t be in this mess, writes Debbie Schipp. Read the transcript of the chat here.
Having been responsible for the biggest data breach in Australia’s history after a major hack caused the details of up to 9.8 million customers to be compromised almost a week ago, Optus has done a lot of crying and said a lot of sorrys, but not much else.
I’m one of the customers who received the first email from Optus, regrettably informing me my details had been compromised.
Very sorry, they were. Unforgivable, they said.
They’d be in touch again, they said.
Meanwhile, best you monitor your bank account for unusual activity. And take appropriate precautions — like checking the authenticity of email and text communications carefully, and not following links or responding to texts which might be suspicious, no matter how convincing they may appear. All the while as they contacted customers via email and text.
So I kept an eye on my bank accounts. The only unusual activity was that my direct debit Optus bill came out of my account, like clockwork.
Why was that unusual?
Because it made me wonder: if Optus can direct debit my bills, why then does it need to keep my driver’s licence, passport details and myriad other personal details for so long – in this case the years I have been with the company?
Then the details – including driver’s licence and passport details – of 10,000 customers were published on the dark web.
Now I was more than slightly worried.
Optus assured us they’d be in touch if we were one of the 10,000 whose licence and passport probably needed replacing to avoid small problems like identity theft.
Oh, and now that you mention it … there was the slight matter of some Medicare details being stolen, the telco admitted.
But just keep checking your bank account for unusual activity.
I googled “how to change my NSW driver’s licence”, to be told it could only happen by lining up at a Service NSW venue, at which point I’d likely be told I couldn’t get a new number because that only happens if there has been a fraud, not if you fear one.
Oh, and I’d also have to foot the bill for it.
Same story with the passport.
So I figured before investing the time or money in either of these things, best to find out if I was among the 10,000.
No email or text from Optus, so I got on their chat section of their app. That trusty app, which bills me with clockwork regularity, requires facial recognition to be opened on my phone, and has a handy chatbot to help with questions.
I asked about data theft. The first chatbot reply came at 10.40am, asking me which area could best describe my query. There was no ‘concerned about my data being stolen’ option.
Over the next few hours I repeatedly asked the chatbot if I was one of the 10,000, and did I need to replace my licence and passport.
I got several links to ‘how to protect your data’ information, and more assurances Optus would contact me if my details had been severely compromised.
I kept asking: “can you just tell me if my passport or driver’s licence details have been published, and I need to change them”. The chatbot fell silent. Told me this was a high volume time, “there may be a delay in replying.”
There was. At least an hour. So I asked again.
About 2.30pm, Optus offered to check my account.
All I needed to do was fill out a form asking for proof of identity, answer some security questions — online — so they could access my account to see if it has been accessed.
Basically, they wanted more sensitive information, to access my account, to see if the sensitive information I’d already provided them, which may have been stolen, had in fact been stolen.
I declined, observing exactly that.
Regrettable, Optus replied. It understood my concerns, but government regulations meant these security measures must be followed for privacy reasons. Or I could go to an Optus store, provide 100 points of ID — like my driver’s licence, passport, or the bank details they already have managed to possibly lose to hackers — at which point they may be able to tell me if I am among the 10,000 at very real risk of identity theft.
I closed the chat.
Checked my bank account for suspicious activity again.
If only Optus’ customer details database was as impenetrable as its chatbot service, we wouldn’t be in this mess.