For those in Perth always looking for a better, faster, cheaper way

Monday, September 26, 2022

Optus Hack - How much do they have on you?

Some helpful forum posts have indicated that there is a way that you can see the data that was stolen from Optus about you. You can check the Optus customer API yourself by first logging into your Optus account at https://www.optus.com.au. You can only access data for the logged in user, and can't view the data of other customers.

Then follow this link to see what data would have looked like. Take note of the 'contactID' from here - https://www.optus.com.au/mcssapi/rp-webapp-9-common/user/inf...

Then replace {contactId} with your customer ID you found in the first link into this web address, replacing of course the {contactId} with your ID.

https://www.optus.com.au/mcssapi/rp-webapp-9-common/customer-management/contact-person/{contactId}?lo=en_US&sc=SS

If you see "Driving Licence","indentValue":"XXXXXXXX" then XXXXXXX is your driver licence number. 

Optus Hack - are you a Category 1 or a Category 2 victim?

There are two groups of people affected by the Optus security breach - which one are you? 

CATEGORY 1

If you got an email from Optus with the following 2nd paragraph, then you are one of the more affected customers from this recent hack - 

Importantly, no financial information or passwords have been accessed. The information which has been exposed is your name, date of birth, email, phone number, address associated with your account, and the numbers of the ID documents you provided such as drivers licence number or passport number. No copies of photo IDs have been affected.

If you had the above paragraph you should put a ban on credit checks and also apply for an extension of that ban with a second form. You may also want to join the class action updates from Slater & Gordon and if they do proceed with a lawsuit, you may be compensated if you register with them.


CATEGORY 2

Those that were not so affected are those that did not have their drivers licence number or passport number breached and the second paragraph from Optus will say this - 

No financial information or passwords have been accessed. The information which has been exposed is a combination of your name, date of birth, email, phone number and/or address associated with your account. No ID document numbers or details have been affected.

Optus is still working out how to respond to this hack and whether to compensate customers. 

Optus hack - How to ban credit checks

If you had an email from Optus in the last few days mentioning that your driver's license or passport number was included in the breach, it is a good idea to stop people from applying for a loan or credit using your ID. You can apply for bans with all of the Australian CRAs by engaging just one credit reporting agency and requesting that they place bans with all CRAs if you agree to their terms and conditions. You can choose one of the following and tick the box where it says that you would like them to notify other CRAs. It takes literally 5 minutes to save you a potential headache of some hacker using your ID to borrow hundreds of thousands.