Someone stole personal identity data on all customers of Optus and began posting it online. Optus apparently required substantial personal information and identity documents to prove identity when establishing new service.
This may have included “home addresses, drivers’ licenses, Medicare numbers and passport numbers”. Victims will need new licenses, new Medicare accounts and to apply for new passports.
Once identity information was collected, Optus may have kept it in a database, forever, possibly unencrypted, and possibly accessible through an open API.
Up-to-date information to help you understand and navigate the recent cyberattack impacting Optus customers.
Source: Cyberattack Support
The hacker has said they tried to report the security vulnerability but Optus had no way for anyone to contact them about that.
The hacker now claims, in as an thought, that no more data will be released as the police investigation tightens down on finding the culprit.
When someone request your personal data, it is good to ask these questions:
- Why is the information being collected?
- Who will have access to the data?
- How will it be stored securely and for how long?
- When will it be disposed of and how will it be disposed of?
