- Business
- Consumer affairs
- Consumer safety
This was published 2 years ago
Frustrated Optus customers get the run around
By Anna Patty
Optus customers are frustrated with a lack of information from the telco and getting the run-around when trying to change their driver’s licence number and other personal information to prevent identity theft.
In what was one of the largest cyberattacks in Australian history, Optus reported on Thursday that hackers had accessed the personal details of millions of Optus customers.
Chrisy Lekkas, a customer with Optus for about 10 years who lives in the Blue Mountains, said on Sunday that she had not yet received any notification from Optus about the security breach, other than what she had seen in media reports on Thursday.
With plans to travel overseas next year, Lekkas is among customers with concerns about the potential for identity theft, having provided Optus with details including credit card numbers, home address, phone number, driver’s licence, passport and Medicare numbers.
“I haven’t received any information from Optus,” she said. “It is scary. I am worried about my data.
“People like me carry on with their life not knowing the implications of this disaster, but it could be quite serious.”
Lekkas said her partner had received a letter from Optus to business customers which says information which has been exposed includes “your name, date of birth, email, phone number, address associated with your account, and the numbers of the ID documents you provided, such as driver’s licence number or passport number”.
Optus said it was currently not aware of customers having suffered harm, but encouraged heightened awareness of any suspicious or unexpected activity across online accounts and contact from scammers.
Lekkas said she has received a number of text messages in recent days including one that said her Linkt account payment had not gone through. She has also received a message about a problem with her Netflix account and advice to click on a link, which she refused to do.
“I have both Netflix and Linkt accounts, so my initial response would have been to go to the link provided,” she said. “At this stage no money has gone missing from my account.”
A corporate lawyer in Sydney, who did not want her name published, told the Herald she went to a ServiceNSW centre on Saturday to change her driver’s licence number, which she provided to Optus, but the agency refused to accept the broadcast email sent by Optus as evidence.
“They said I need a personalised letter from Optus specifying that my driver’s licence is among the data disclosed in the hack,” she said.
“Optus’ online chat required me to attend a store to get information about what ID documents they held about me.”
After escalating the matter, she was told her formal application would be considered by Transport for NSW, but would likely be declined.
“What response will Transport for NSW, Medicare and the Passport Office be providing to these applications?” she asked.
“How does Optus intend to compensate customers for their time taking sensible mitigation actions as a result of Optus’ breach?”
Optus reportedly told one customer that it would not compensate them for a $15 credit check.
Another customer told the Herald they had received an assurance from Optus on Thursday that their data was not at risk as a result of the cyberattack. The text message says: “You can rest assured that your account is safe from it”. But on Saturday, the customer received a letter saying “Optus has been a victim of a cyberattack that has resulted in the disclosure of some of your personal information”.
A frustrated customer who contacted Optus on Sunday told the Herald: “they had no practical advice, only to ‘keep an eye out with your financial institutions’.”
A Department of Foreign Affairs and Trade spokesperson said robust controls including facial recognition technology were used to prevent a third party from getting a passport in the holder’s identity.
“However, we are unable to control how third-party scammers may use passport information obtained through data breaches to commit other types of fraud,” the spokesperson said.
“Australians overseas who find themselves victims of identity theft should report the incident to local authorities.
“If an individual wishes to cancel their passport, they can call the Australian Passport Office on 131 232. The Australian Passport Office operates Monday to Friday: 8am to 5pm (for each Australian time zone). There is an after-hours recording that directs individuals needing a passport for emergency travel as a result of a compelling or compassionate circumstance, via the department’s Consular Emergency Centre (1300 555 135). If the individual is overseas, they can contact their nearest Australian diplomatic or consular mission.”
People who want to cancel a passport and apply for a new one will need to do so at their own cost.
A spokeswoman for the NSW Department of Customer Service on Sunday said ID Support NSW is working with Optus to help customers with NSW government-issued credentials, such as a NSW driver licence or birth certificate, “if they have been impacted”.
“Customers who may have been affected and who need to replace documents can contact the ID Support NSW team on 1800 001 040 from Monday to Friday (9am to 5pm),” she said.
An Optus spokeswoman said it was working with the Australian Cyber Security Centre to mitigate risks to customers, and it has provided advice for those who have been impacted on their website, cyber.gov.au.
The Cyber Security Centre provides advice including the application for a Credit Ban with Equifax, illion and Experian (Australia). However, an application for a credit ban may also potentially impact on a customer’s status when applying for credit with other providers because credit bans are also issued to problem gamblers and fraudsters.
The Optus spokeswoman said customers who have been impacted by the incident were advised to contact “reputable sources such as Moneysmart, IDCare and the Office of the Australian Information Commissioner”.
“If you believe your Optus account has been compromised, contact Optus via My Optus app – which remains the safest way to contact Optus, or call on 133 937.
“If you identify that you have experienced any misuse of your credentials, please contact IDCare for support.”
Advice to Optus customers from the Department of Home Affairs
- People can call the Australian Cyber Security Hotline on 1300 Cyber1 24 hours a day, seven days a week.
- The ACSC’s recover and get help page has general advice on recovering from viruses, scams and cyber attacks.
- IDCare is Australia and New Zealand’s national identity support service. IDCare offers personalised support to individuals who are concerned about their personal information. IDCare has a response sheet available online.
- A privacy complaint can be made in writing to the Office of the Australian Information Commissioner (OAIC) via email, mail or fax.
The Morning Edition newsletter is our guide to the day’s most important and interesting stories, analysis and insights. Sign up here.