Still down. That is a month now. Perpetual, you are a disgrace.
Incompetent comes to mind followed by the predictable
We thank you for your patience and apologise for any inconvenience this has caused.
Taking compromised systems off-line is a time honoured way to minimise damage but keeping them off line for more than a few days suggests their external provider should be sacked and possibly sued to cover damage to reputation as well as inconvenience and potentially damages to every Perpetual investor affected.
Nothing like those promises of a cashless society and one’s online connected life.
Connection Failed
Error 20
investor.myperpetual.com.au
2023-07-07 06:41:27 UTC
What happened?
The proxy failed to connect to the web server, due to TCP connection timeout.
Your IP: XXX.XXX.X.XX
Proxy IP: XX.XX.XXX.XX
Incident ID: 337001140041021980-234430572147055757
Customer portal is still down since 8 June. Did you get your distro yet and if so what was the delay? If not have you engaged the alternative contacts/site they put up? (to understand how badly their systems are really affected.)
Online services still down and they advise another two weeks offline. They are sending out snail mail letters starting next week apparently.
Zoom back to the 1980s as far as this investment company is concerned. Online IT really is not that hard.
Good! Help save Australia Post.
The real difficulty that I have with that statement is lack of transparency. Unless you personally are directly involved with the (unnamed) third party provider, you don’t know what they are up against, you don’t know what the challenges are.
Looking from the outside and with my IT hat on, yes, I too am surprised at the slow progress and I wonder whether their “contingency” arrangements were adequate.
I guess one thing that has become more difficult over the years is “outsourcing”. Not everything is within your control any more.
Once a company starts outsourcing, or even offshoring, crucial business functions, they deliberately make things harder. And I have done IT on both sides.
Typically, a business tries to keep some control over the provider of a service by applying performance criteria and fines for breaching them.
Now any half-decent service provider would be back up and running almost immediately and so would Perpetual.
I suspect the unnamed third party is either a mickey-mouse outfit that can no longer provide the IT service, and Perpetual has to find an alternative or insource it, or there is a legal dispute about whether penalties will be paid.
As a longer term PPT customer my impression is their management is as challenged about IT issues as a 98 year old person who has lived in aged care for the past 30 years. Not impressed although my accounts have done OK, which is why I am still with them.
Long after the financial community was online PPT was still passing around locked PDFs to print, complete, and post back. It is what they are and never have risen above minimal expectations, so far.
A new one - inside job but targeted, and more dangerous: Victoria's privacy watchdog tasks health department with new recommendations following COVID data breaches - ABC News
And reflux on an old one: Byron Bay data breach victim told to pay Adidas, National Basketball Association $US1.2m by US courts - ABC News
This one seems to be missing some detail. The person claims to be a Medibank data breach victim. But Medibank says that passwords were not breached in the breach of Medibank. But the article says that the attack used credential stuffing.
It is possible that Medibank in fact has nothing to do with it. Or it is possible that the scammers combined data from multiple sources, getting the victim’s personal details from Medibank but her password from somewhere else.
However it has transpired the consequences for the victim have opened a whole new world of pain. Having the case heard without your representation and being subject to a USA court order may be just the beginning.
Two questions come to mind.
- If Adidas or the US NBA had brought this case to an Aussie courtroom, would the outcome have been the same?
- How has the USA court decided whether the Aussie holder of the PayPal account had control over or knowledge of the events that caused the two businesses to claim loss?
This seems to set a difficult to resolve and ugly precedent for any Australian who loses control (whatever the circumstances) of an account with a digital services provider subject to US law. Are those signed up to PayPal etc now pseudo citizens of the USA? Not really how it is, just my imaginative take on how it must feel when the long arm of the US justice system comes after someone in another nation.
As a number of publicised cases demonstrate, US laws are neither restricted to US citizens nor to US territory. Break a US law (even if extra-territorial) and they can and often will come for you. Most of the ‘western’ global community is complicit in supporting that behaviour.
In some ways, the PayPal account holder created the US legal problem by not responding to the legal notices.
By not responding, both courts in the US allowed the case to proceed ‘ex parte’, with the defendant not present.
No defense meant a default judgement.
Never, ever, just ignore legal notices. Because failing to respond can well come back to bite you. Not just US courts but Australian ones too.
It used to be, and maybe still is, a practice of debt collectors to lodge actions in different states to where the supposed debtor lived, and get a default judgement when the debtor failed to show.
While that might be good advice … if the scammers had done a better job then the victim would never have received the email anyway.
For a $1m judgement I think the scam-companies should be legally obliged to serve notices ‘properly’. For that amount of money, they can damn well send snail mail.
Hmm. Not sure if that was tongue in cheek or not.
The notices apparently were issued by the US courts. Summons to attend a civil action.
Nothing to do with scammers sending emails.
Right. My bad. It was intended as half-and-half tongue in cheek. Let me try again.
For a $1m judgement I think the scam-system should be legally obliged to serve notices ‘properly’. For that amount of money, they can damn well send snail mail.
My point about the email is that in a compromise situation, it is entirely possible that the scammers can interfere with sending and receiving emails, and there are examples of that happening.
If it is in the interests of the scammers to prevent the victim from receiving the emailed served notice then they should do that if they can because it could extend the useful lifetime of the scam of that one victim’s account. Being served with a court notice is a heads-up that there is a problem - and could cause the scam to end prematurely.
Including ones that arrive via your email.
She was then served electronically with papers from the US District Court of Florida outlining Adidas’ case against her.
Similar charges against her were also filed by the National Basketball Association in the District Court of Illinois.
As an oldie I don’t consider email to be a substitute for physically delivered legal documents. Australia is only just moving into a world that uses email as an alternative. Although until email is free of junk I’m not convinced it is reliable. As close as it gets is how CentreLink and the ATO use MyGov to deliver important correspondence. Similar for several of the big banks or ASIC where one needs to log into your account. While they all rely on regular email or SMS for alerts, there is no need to reply or follow links. Simply log in to your personal account.
P.S.
The practicality of responding to an OS court and personal cost. Been there once. No further comment needed.
Indeed. Running my own mail server I can at least bounce any unwanted summons.
Yeah, totally impractical. That’s why there are two scammers here. The scammers who broke into her account. And the scammers who did the rest. Unfortunately the second lot of scammers have got the legal system behind them.
Delivered through Australia’s Freedom of Information legislation and persistence.
Where data loss can lead. An ongoing issue that predates the current parliament. Ouch!
The ease with which a new or replacement MyGov account can be created enables stolen data to beat the ATO’s systems for protection of personal accounts!
It’s a given not all of us know or understand the extent of data we may have lost. Some do, some don’t, for others ignorance comes because it’s all too hard?
… and for those of us who already have a MyGov account … does this scam work? That is, can a scammer create a new account and effectively move the ATO link across from the legitimate account to the new account? (I think you are saying “yes” to this.) And if so what notification, if any, is provided to the legitimate person?
However I think the most vulnerable to this scam are people who don’t have a MyGov account at all.
Today I received an email from Optus informing me they are changing my mobile plan in October. I never received any notification that my data had been stolen last year and so I hope I am safe from that one. But who knows?
When I contacted them to cancel a second service I have that was about to increase by 60%, I was offered a monthly discount to change the plan now which would have been a saving of ~$100 over the year. They then proceeded to ask me to scan my drivers license and Medicare card “The reason we need do this is because we are changing your plan. I hope you understand it.”
Well I don’t understand it, and declined. I’ve been a client of theirs for 30 years, and in that time have not been asked (that I recall) for ID for a plan change.
When I asked for a transcript of the chat, I was given a Conversation ID, but no way of actually accessing the content. I was told they would send it. I’ve spent 20 minutes copy/pasting it into a text file and still haven’t seen it.
Wish I’d copied the privacy disclaimer in the form I was to fill out…
I feel like I smell a rat…
One wonders, why, someone would give documents such as images of drivers licence or Medicare card to a company that freely allowed those to be copied and put onto the ‘dark Web’.
Surely you could do better elsewhere. A jump of 60% increase would be motivation to shop around for a better deal.
Of course, the same sort of identification documentation may need to be supplied by law, but why not try someone else.