Government register blocks 500,000 identity theft attempts
Hundreds of thousands of Australians who had their data stolen can breathe a sigh of relief.
Security
Don't miss out on the headlines from Security. Followed categories will be added to My News.
Hundreds of thousands of Australians who had their data stolen have been saved from suffering identity theft thanks to beefed up protections.
The Credential Protection Register has foiled some 500,000 attempts by fraudsters to verify stolen credentials since it was set up in the wake of the 2022 Optus data breach.
The driver’s licences, passport numbers, dates of birth, home addresses and phone numbers of up to 10 million current and former Optus customers were released by the ransom attack on the telco.
Attorney-General Mark Dreyfus says the register “disrupts black market sales of stolen personal documents and illegal activities that rely on those stolen credentials including scams, money laundering and fraud.”
“While criminals are stopped from inflicting more harm, the credentials on the register
can still be used for their primary purpose,” he said.
“For example, if an Australian passport is stolen in a data breach and is put on the register, it can still be used by the legitimate owner for overseas travel but cannot be used by criminals to open bank accounts or conduct other fraudulent activities.”
The Albanese government has earmarked $14m to “enhance the register”, adding in accessibility features that would let people enter in compromised credentials themselves and “control when and how they are used.”
“The mobile application will notify individuals in real time if someone is using their identity without their consent,” Mr Dreyfus said.
“These changes will give Australians full control of when and how their identity credentials
are being used and allow them to disrupt illegal use of their identity.”
Just under 200,000 Australians experience identity theft in 2022-23, according to the Australian Bureau of Statistics (ABS).
The ABS found 71 per cent of victims were notified by an authority, typically a bank.
One in three said their stolen data was used to access their financial services.
Originally published as Government register blocks 500,000 identity theft attempts