Based on one newer article I've seen, leaked data dates back to 2017, so...
No idea how accurate this is just yet though.
They claim to have started notifying people today (Saturday), with customers with most amount of info leaked being prioritised. Supposedly if you've had ID information stolen, you'll know today. Fingers crossed.
Yep, my details were part of the breach unfortunately. I hate Optus now more than ever.
I left them 2 years ago but they keep my details in a database accessible to the internet? Why? Details leaked are name, email, phone, DOB, home address, drivers license number.
About 4 years ago I emailed them complaining that their marketing team were using my date of birth to send me "birthday deals" on my birthday. Something I never opted in for. I found it creepy because the only reason they knew my DOB was from a sign-up security verification process. So back then they were sharing security details from customer signups to their marketing team for use in promotional material. No respect or care for user's data.
I wonder if a class action can be brought against Optus.
Ah man, I'm sorry to hear that. No emails here yet, but not to say I'm not in the category one down yet (which is only slightly less bad).
I'm starting to worry about the general public's understanding of the ramifications of this. When it first broke, I was pretty upset, and my partner (well educated, and with me long enough to understand some things about breaches) thought my concerns and anger at optus was excessive. It's only after I explained to her in some detail a few scenarios of what could happen with the information, that she asked questions about what we should be doing.
I think we'll be seeing fallout from this for years to come.
I wouldn’t normally get angry about something like this but when the CEO talked about how upset she was that there were people out there who would do such harm I almost blew my stack. The level of wilful ignorance to your responsibilities required to feel that statement could be appropriate is astounding.
But most of all, if you’ve worked anywhere even remotely resembling a professional organisation in the last 10 years then it should be obvious just how bad things are inside Optus for this to have even happened. Something is deeply wrong there. This kind of breach should have thousands of things standing in the way of it being possible
In my case the home address is old, not my current one, so I dodged a bullet there. That leaves name, DOB and drivers license number. How can those 3 things alone be used?
Email and phone were taken, but nobody can use those if verification is needed. And I can easily change those details in the various places they are used.
I'm quietly confident that because my home address is my old address, and therefore not associated with my drivers license, I'm in better shape than millions of others in this breach.
I'm still angry about it! The email from Optus was tone deaf. They worded it like they are the victims, downplayed the importance, and even ended with "warm regards".
My main concern is that, with ID, it becomes possible to do a Sim swap or number port, which would be the start of a heap of nightmares. Luckily, buried at the bottom of Optus' announcement, they mention that (for the moment) those can now only be done in person, in-store, with physical ID.
For the other stuff (address, name, DoB)...what are the things nearly everyone asks when you ring to make account changes, to verify you are you..
I'd be careful with the home address too (although you should be ok). I moved around a bit a few years ago, and lost track of where I'd updated my address. It was usually as simple as 'I think my most recent address with you is X, can you please update it to Y', and as long as the other stuff checked out, no questions were asked.
And yeah, I had to laugh about that press release :/
Still no email this side. No news is good news, right?
All it takes to register a new number here, are your details including name, DoB, physical address (all the complete ones leaked), the type of ID used (passport, drivers license) and the number on that ID. You can do it in about 5 minutes online, and the number is then active (but not before).
Not even a copy of the document is required, and it doesn't have to be sighted by anyone. From memory, you don't even have to supply the expiry date on the document (and driver's license numbers remain static).
One of the first things I see happening, is criminals using this to obtain burner numbers not traceable to them.
This just twigged something for me - there is now enough information available to easily do number ports, giving someone else control of the number used for MFA. Anything that relies on your number to verify account actions, transactions, etc is now at risk.
Myself included. All data listed, though they couldn't specify if it was my passport or driver's license number. I haven't been a customer with them for over 5 years.
I'm pretty certain I'll get burned at the stake for saying this, but similar to another poster - the one that works.
I spent hundreds playing with mechanical keyboards, used company issued ones, etc... But I'm now on my second Apple magic (on non-apple machines), and won't go back. Good tactile feedback, quiet (for my coworkers), flat (easy on my wrists), loooong battery life (no cables), light & small (to take home with my laptop).
Check the terms - if you already own them, you're grandfathered into the Connect (highest tier) package for free (for now, at any rate).
I recently got a second hand remarkable, and absolutely love it, but not sure how I feel about them pulling this sneaky (however justified it may be). It's not that my assets are in jeopardy, but I'm slowly developing a whole new workflow, which I don't want upended 12 months from now if they decide to charge everyone...
Oddly, to your first point, I've had exactly the opposite experience. Came from a company that used sharepoint for almost everything, that I referred to as /dev/null - if you didn't know EXACTLY what you were looking for, search was useless after you uploaded or created something. It was not uncommon for the document with matching search terms in the title, to show up on page 3 of the results.
Moved to a company that used Confluence for almost everything (there was already a fair bit of content), and search was an absolute dream. Even with terrible search terms, the page (or document) you were looking for was invariably in the first 3 results.
No idea how accurate this is just yet though.
They claim to have started notifying people today (Saturday), with customers with most amount of info leaked being prioritised. Supposedly if you've had ID information stolen, you'll know today. Fingers crossed.