[exodust]

Yep, my details were part of the breach unfortunately. I hate Optus now more than ever.

I left them 2 years ago but they keep my details in a database accessible to the internet? Why? Details leaked are name, email, phone, DOB, home address, drivers license number.

About 4 years ago I emailed them complaining that their marketing team were using my date of birth to send me "birthday deals" on my birthday. Something I never opted in for. I found it creepy because the only reason they knew my DOB was from a sign-up security verification process. So back then they were sharing security details from customer signups to their marketing team for use in promotional material. No respect or care for user's data.

I wonder if a class action can be brought against Optus.

[tonteldoos]

Ah man, I'm sorry to hear that. No emails here yet, but not to say I'm not in the category one down yet (which is only slightly less bad).

I'm starting to worry about the general public's understanding of the ramifications of this. When it first broke, I was pretty upset, and my partner (well educated, and with me long enough to understand some things about breaches) thought my concerns and anger at optus was excessive. It's only after I explained to her in some detail a few scenarios of what could happen with the information, that she asked questions about what we should be doing.

I think we'll be seeing fallout from this for years to come.

[frupert52]

I wouldn’t normally get angry about something like this but when the CEO talked about how upset she was that there were people out there who would do such harm I almost blew my stack. The level of wilful ignorance to your responsibilities required to feel that statement could be appropriate is astounding.

But most of all, if you’ve worked anywhere even remotely resembling a professional organisation in the last 10 years then it should be obvious just how bad things are inside Optus for this to have even happened. Something is deeply wrong there. This kind of breach should have thousands of things standing in the way of it being possible

[exodust]

> scenarios of what could happen

What could happen?

In my case the home address is old, not my current one, so I dodged a bullet there. That leaves name, DOB and drivers license number. How can those 3 things alone be used?

Email and phone were taken, but nobody can use those if verification is needed. And I can easily change those details in the various places they are used.

I'm quietly confident that because my home address is my old address, and therefore not associated with my drivers license, I'm in better shape than millions of others in this breach.

I'm still angry about it! The email from Optus was tone deaf. They worded it like they are the victims, downplayed the importance, and even ended with "warm regards".

[tonteldoos]

My main concern is that, with ID, it becomes possible to do a Sim swap or number port, which would be the start of a heap of nightmares. Luckily, buried at the bottom of Optus' announcement, they mention that (for the moment) those can now only be done in person, in-store, with physical ID.

For the other stuff (address, name, DoB)...what are the things nearly everyone asks when you ring to make account changes, to verify you are you..

I'd be careful with the home address too (although you should be ok). I moved around a bit a few years ago, and lost track of where I'd updated my address. It was usually as simple as 'I think my most recent address with you is X, can you please update it to Y', and as long as the other stuff checked out, no questions were asked.

And yeah, I had to laugh about that press release :/

Still no email this side. No news is good news, right?