[exodust]

Glad I dumped them 2 years ago. I hated their imposed "non direct debit fee" if you elected to pay manually instead of direct debit.

I hated their mandatory text messages that couldn't be blocked, such as upcoming bill reminders. Spam my email as much as you want, but stay out of my text messages!

[suprjami]

Former customers are also included in the breach, just in case you thought you were safe not being a customer anymore.

[exodust]

I doubt from 2 years ago. They probably said that to cover those who recently left. I guess we'll see. Not sure if they are notifying people or there's any way to check?

[tonteldoos]

Based on one newer article I've seen, leaked data dates back to 2017, so...

No idea how accurate this is just yet though.

They claim to have started notifying people today (Saturday), with customers with most amount of info leaked being prioritised. Supposedly if you've had ID information stolen, you'll know today. Fingers crossed.

[exodust]

Yep, my details were part of the breach unfortunately. I hate Optus now more than ever.

I left them 2 years ago but they keep my details in a database accessible to the internet? Why? Details leaked are name, email, phone, DOB, home address, drivers license number.

About 4 years ago I emailed them complaining that their marketing team were using my date of birth to send me "birthday deals" on my birthday. Something I never opted in for. I found it creepy because the only reason they knew my DOB was from a sign-up security verification process. So back then they were sharing security details from customer signups to their marketing team for use in promotional material. No respect or care for user's data.

I wonder if a class action can be brought against Optus.

[tonteldoos]

Ah man, I'm sorry to hear that. No emails here yet, but not to say I'm not in the category one down yet (which is only slightly less bad).

I'm starting to worry about the general public's understanding of the ramifications of this. When it first broke, I was pretty upset, and my partner (well educated, and with me long enough to understand some things about breaches) thought my concerns and anger at optus was excessive. It's only after I explained to her in some detail a few scenarios of what could happen with the information, that she asked questions about what we should be doing.

I think we'll be seeing fallout from this for years to come.

[frupert52]

I wouldn’t normally get angry about something like this but when the CEO talked about how upset she was that there were people out there who would do such harm I almost blew my stack. The level of wilful ignorance to your responsibilities required to feel that statement could be appropriate is astounding.

But most of all, if you’ve worked anywhere even remotely resembling a professional organisation in the last 10 years then it should be obvious just how bad things are inside Optus for this to have even happened. Something is deeply wrong there. This kind of breach should have thousands of things standing in the way of it being possible

[exodust]

> scenarios of what could happen

What could happen?

In my case the home address is old, not my current one, so I dodged a bullet there. That leaves name, DOB and drivers license number. How can those 3 things alone be used?

Email and phone were taken, but nobody can use those if verification is needed. And I can easily change those details in the various places they are used.

I'm quietly confident that because my home address is my old address, and therefore not associated with my drivers license, I'm in better shape than millions of others in this breach.

I'm still angry about it! The email from Optus was tone deaf. They worded it like they are the victims, downplayed the importance, and even ended with "warm regards".