by JamesBrooks 1354 days ago
Affected Optus customer here (received email indicating I was impacted). They never had my passport details (there have been some links going around when logged in to see the payload of your PI involved in the breach) but they certainly have my name, address, phone number and drivers license number in the data.

Fortunately we're able (in South Australia) to get our drivers licenses changed over free of charge if impacted, which I'll do but now that's something else I need to get around to doing... I wonder how many of these costs will be forwarded on to Optus on behalf of the government


Also in SA, and also contacted by Optus. The thing that shits me is that I haven’t been a customer in a couple of years. They really shouldn’t have details unnecessarily stored unless there is some government requirement.
Same over here, over five years since I left, more than the required time they're required to hold information for.
That’s what happens when you don’t have clear legislation like Europe’s GDPR.
why in the world did a telco need your drivers license in the first place? i assume you don't have to be a licensed driver to get phone service in australia.

edit: hn is rate limiting me but like, any phone number? you need id even for a prepaid one? and why do they need to keep this on file?

In addition to what other siblings already said, in Australia we have a scoring system to prove your identity (called "100 point identification") and depending on the score needed, drivers licence can get you there so it's used very often. This system is for Government entities but private companies often take inspiration from it

This is the SA version since GP is from South Australia, all other states have the same thing too https://www.police.sa.gov.au/services-and-events/100-point-i...

An interesting thing is that "100 point ID" applies to physical documents, but somehow it's been conflated with the number on the document being equivalent. One is obviously more easily copied than the other, and scales better for fraudulent use.
It's much cheaper to make a computer check the number than pay the post office to sight and verify ID docs.
Australia doesn't have any kind of national ID card, so a driver's license is the most commonly used form of primary ID.
Most (all?) states have a proof-of-age card which is functionally equivalent to a drivers license for ID purposes.

https://www.sa.gov.au/topics/driving-and-transport/licences/...

True; but most adults have a drivers' license instead. I don't think I know anyone who has a proof-of-age card.
'functionally equivalent' except where it's not.

There's a bunch of places where they've got some sort of ID requirement that only accepts either a licence or passport.

There's a really big assumption in this country that you must have a driver's license, and if you don't well then difficulties arise.

The best bit though, it will have a CRN on it. This CRN is the same as your drivers license. (at least in qld)

This means using a Drivers License / Proof of Age card is functionally equivalent.

You have to prove your identity to get a phone service. Drivers license is one way of doing that.
Verification of Identity. That's what these documents are used for. It's also why they're so dangerous.
Shouldn't this be stored temporarily with the document deleted straight after passing verification?
To get a mobile number in Australia you need to identify yourself with government ID.
Why do they keep it after opening your account / activating your SIM, though?
Because they're irresponsible. There's no reason to hang on to this information once they've verified it.
That’s incorrect. They are obligated by law to retain it for 6-7 years for KYC purposes.
KYC for a gd phone number... honestly the whole attacks on E2EE make a lot more sense now with the background of that kinda shady stuff going on beforehand. praying for y'all, hope the digital rights situation gets better there.
I had the exact same experience as you (no passport details leaked). I wonder if the passport data is more for tourists getting Optus sims. Nice to see another South Aussie here!
Well, it will be whatever you used for your 100 points of ID to open an account to begin with. So most people would have used a drivers license. My guess is that the passports are mostly people without a drivers license.