Data Breaches 2022 onward (including Optus)

(6 years is pretty terrible, hence why I wrote above: and then legislate that the retention period is both a minimum and a maximum.)

The government was always clear that what the government legislated was a minimum and that they would seriously encourage telcos to retain data longer so that it would be available for the government’s surveillance.

1 Like

Optus data breach customers navigate varied rules on changing drivers licence number - ABC News

He wants to change his drivers licence number to prevent against identity theft, but VicRoads does not allow Victorians to do so unless fraudulent activity has already occurred.

Great. Not.

I wonder if the record of the Government doing IT would put off many companies using their services unless they were forced to by law.

Recent debacles come to mind. Census fail from 2016, Robodebt, COVIDSafe.

Anyway, it is just another interface to query information, and just as possible to hack as any other.

A more considered response from some government offices. It’s evolving with the 24hr news cycle.

For Victorians

Anyone notified by Optus that their license details had been breached can contact VicRoads to have their license record flagged and request a replacement.

There is similar progress elsewhere.

Of greater concern is Optus now advising Medicare numbers have also been included in the loss. It would have been an obvious thought for anyone who has recently opened an account with a Telco that they collect data from a number of different documents. There are other forms of identification with and without photo ID.

1 Like

Still to come are notifications of the process in each state and government.

and the wheels keep turning.

1 Like

Yes.

WA is saying that it is literally impossible at the current time to change your drivers licence number.

Queensland is saying they will issue new licence / number at no cost to the licence holder.

However all of this is an expensive band-aid over the real problem.

Also,

Anyone notified by Optus that their license details had been breached

may not be as clear cut as it should be. The email that I received from Optus was not explicit. I have also read of other people contacting Optus customer support directly and still not being able to get clarity.

I just hope that the costs associated with trying to minimise the risks of the breach (issuing new driver’s licences, Medicare cards which is currently under investigation etc) are borne by Optus. The government/taxpayers/impacted consumers shouldn’t foot the bill.

1 Like

I disagree. Again, that is letting the government off the hook for an outcome that the government was warned about at least a thousand times. I agree that Optus customers should not have to pay to have this problem “fixed”.

A few years ago when all of my IDs were compromised, I didn’t have to pay for replacement of passport and drivers license. Did pay again for the U.S. Visa because of the change in my Aus passport number.

Although the situation wasn’t anything like it is now with Optus, getting new numbers wasn’t an easy thing to go through, Medicare was the easiest and Vic Roads the hardest because they need proof that the licence number has been actually used for a fraudulent purpose.

Did take a lot of persistence on my part before common sense prevailed, but my heart goes out to all who need replacement I.D.s.

2 Likes

Not making light of the Optus Breach but this satire is priceless even though some Optus (and many other companies) customers might identify with their own experiences.

2 Likes

Robodebt was not an IT fail. The system worked as designed, but its design did not accord with the law. As for going live with Robodebt when it was known to be flawed, that was an administrative/political decision.

At least some states are saying that Optus will be paying for replacement licences. Details per state are in the latter part of this article, and include:

  • Queensland new licences will be free
  • Victoria will pass cost to Optus
  • SA will waive licence fee
  • NSW will charge fee, and expect Optus to reimburse individuals
  • ACT does not know what it will do

And yes, the article also states that the account claiming to be behind the hack has said ‘oops, didn’t really mean that - trust me, I’m deleting all teh dataz’. Which to me suggests that an amateur has stumbled into a treasure trove and then realised how much trouble they’re going to be in when Mum finds out (let alone Optus, the AFP, etc.).

The ABC does not appear to have been able to confirm The Shovel’s claim of how long the hacker spent on hold while trying to demand a ransom. (If you are not acquainted with The Shovel, its Privacy Policy is probably the most succinct way to get some idea of the publication’s philosophy, or you can read the About page for a little more information.)

3 Likes

Which is a completely unsatisfactory situation.

If this is even true then the sensible approach would be to on-sell the whole lot for below market value i.e. get something to show for it and make it someone else’s problem - someone who is immune to the AFP, the FBI, …

The Robodebt debacle has been variously described as due to the perils of AI and/or poorly built software.

With the information available so far there was no element of AI involved, the process is a fairly simple deterministic procedure (albeit on a large scale) and as best we know the software operated according to specification.

The problem was the debt calculation formula used was contrary to the Act, the software merely implemented that decision. We will know more when the RC reports next year but in a nutshell; not so much poor programming as policy interference.

The question is, who overrode the policy experts who would have told them that the proposed policy was simply illegal? It was either a senior public servant who intercepted the opinion of the policy wonks, who were subsequently proven right by the court, or the public service told the government the facts and the cabinet applied the override. In my opinion it would not be possible for the system to be approved without going to cabinet but we don’t know yet if cabinet was given correct advice.

2 Likes

Here is the view of a self-described expert on the Optus fail. He qualifies his response saying Optus hasn’t released details and he is going on how the hacker described the hack but if it is true, in his view, the break-in was trivial and not at all sophisticated.

Perhaps we could leave all the Robodebt debate for the topic where Robodebt is already extensively discussed: Another multi-million dollar scam exposed

I realise that you weren’t the one who introduced that digression.

Is a transcript available?

Not that I saw.

1 Like

Whether a sophisticated hack or an opportunistic extortion, it is still a crime perpetrated by criminal minds. It amuses me to hear on talk back radio that the poor spelling shows they must be ‘unfamiliar with the English language’… as if we should trust criminals to show their true nationality in their writings and also trust them to be ‘sorry…we have deleted all’? Is there no end to some people’s gullibility?

1 Like

Suddenly WA is fixing this long-standing system limitation. So (once they fix that) WA licence holders will be able to get new licence numbers (and free of charge).

The fee is $29. I can’t imagine that it will be worth my time sitting in the Optus call centre queue for 3 hours, waiting behind those demanding ransom payments.

Attempting to get a replacement licence from the NSW government gives

Temporarily unavailable
This transaction may be intermittently unavailable due to a technical issue. Please wait a few minutes and try again. We apologise for any inconvenience caused.

Good one, NSW government.

I think we know why, in general terms, the technical issue might be occurring.

1 Like

Could be quite a few organizations checking their Internet available Web functions at the moment for any possibility that data could be revealed that should not be.
Or perhaps the NSW system just can’t handle the unexpected increase in requests.