Optus data breach could allow fraudsters to commit range of damaging crimes

The Optus data breach has compromised a variety of information that account holders may have provided when establishing their accounts, i.e. name, date of birth, email, phone number, Medicare, passport, driving licence etc.

Varying sources of information suggest the breach only impacts new accounts established in the last 5 years, or only the last 2 years, that being the time that Optus was obliged by federal government regulations to store that data.
Should companies be legally required to delete past account details immediately after an account is discontinued?

9.8M accounts impacted, with 39,000 current Medicare card numbers identified of which 22,000 expired.

https://www.abc.net.au/news/2022-09-28/optus-data-breach-could-see-victims-impersonated-expert-says/101476600

Every state allows for driver's licence numbers to be changed in data breaches, but not WA.

There are suggestions that many of these documents will be able to be officially changed, with Optus carrying the associated costs.

Apart from documents, other methods use technology for people to establish their identity, e.g. fingerprint, facial recognition.

If sites have your fingerprints and/or photographs and are hacked, can they be used easily for identity theft and access to devices?

These issues now go beyond the issues of using passwords and other means for email and internet usage security.

Multi-Factor Authentication is now being used by an increasing number of financial institutions and businesses.

What are Privacy Act requirements?

Among the list of 10,200 stolen Optus customer details released online by the alleged hacker are several defence email accounts, as well as addresses linked to other government agencies.

Invoice hacking: an invoice to you is intercepted by a hacker who changes the payee's account number to their own, so your payment never goes to the intended payee.

Security, Scamming, Hacking p. 1/2

Invoice hacking can be circumvented by initially paying only a very small amount of the larger amount invoiced and confirming that it was paid into the intended account, before paying the balance.

Separate Account Strategy

Set up a separate ‘operations’ account, to which you transfer a small amount from your main account, and use this for all direct debit and online transactions. Monitor and top up as required. This keeps your main money and account details separate, so that if you are hacked or scammed you only lose a lesser amount in the case of the cause being your own carelessness and not the banking institution's.

Passwords

Store in a password manager app or the device's Apple Settings/Passwords security management, plus a hidden-away, innocuous-looking/mislabelled notebook.

Malwarebytes have changed settings & block any attempts to infiltrate MacOS

2-step verification: Many organisations and financial institutions are implementing this approach, where after you have entered your password you are sent a text message with a confirmation passcode, which is necessary to prove your identity.
