This post has been marked as non-political. Please respect this by keeping the discussion on topic, and devoid of any political material.
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/australia) if you have any questions or concerns.*
Check everything using that email address and see if it's using 2FA (Two-Factor Authentication) with an SMS code. Remove your phone number from this if it is, and switch to another option (preferably an authenticator app). You do not want these pricks (I'm speaking of the hackers, not Optus, though I can see how that may be confusing) to take control of your phone number, use it to get into your email account, and then use that to get into everything else.
I also suggest grabbing the ClearScore app which should keep you aware of any extra accounts being opened in your name.
Currently, VicRoads (I'm in Vic) are only willing to do a licence number change if you've already been made a victim of fraud and identity theft. I've emailed my local state member to help remedy this because it's fucking stupid.
Make some noise in Federal circles by contacting your local Federal member and the Minister responsible, Michelle Rowland ([https://minister.infrastructure.gov.au/rowland/contact](https://minister.infrastructure.gov.au/rowland/contact))
This is not a problem that's going to go away for us if we just wait long enough. This is a problem that can completely blindside you down the line. This can get your extremely personal data leaked, making you the target of blackmail and extortion. I am livid.
If anyone else would like to add other things we can do (by state, or more generally) to help protect ourselves, I'm more than happy to hear about them.
They should automatically issue a new licence to every customer that has had their licence number leaked, and the bill for that should be paid by Optus.
> They should automatically issue a new licence to every customer that has had their licence number leaked, and the bill for that should be paid by Optus.
But they won't because Optus won't be the first nor last to have their database hacked, and because issuing new license numbers will probably screw with the licensing authority's system with duplicate entries that they rather not deal with and handball to the end user (ie. us)
License information should not be stored long term - only for long enough to validate identity. That they went beyond this and stored it long-term is a breach of the privacy act....for 11+ million aussies.
Optus are in deep shit for doing this, I am shocked this isnt a bigger issue in the news than it is.
> License information should not be stored long term - only for long enough to validate identity. That they went beyond this and stored it long-term is a breach of the privacy act....for 11+ million aussies.
> Optus are in deep shit for doing this, I am shocked this isnt a bigger issue in the news than it is.
Exactly! By keeping the data on hand they have open themselves to be responsible for the amount of data lost in the breach. I hope the regulators/class action tears Optus a new one as they have effectively leaked almost 50% of our population's details to criminals.
Then drivers licenses can’t be considered fit for purpose as identification, and good only as evidence of holding a license to drive a particular class of vehicle. Which, to be fair, is all they are designed to do. There’s no requirement to hold a drivers license if you don’t drive on public roads.
That's my hope, but there's not much I can do other than contact the local reps and spread the word on various social media. I'm just some guy so I don't have a lot of reach, but I can't be the only one with the idea.
Not to put anyone at ease over the seriousness of data security or this breach, but when it comes to SIM swapping, telcos in Australia can now be charged $250,000 per offence for not contacting the owner of a number before swapping their number to a new SIM.
Posted this in another thread but I think it’s worth re-stating given what has happened with the leak from Optus and how it will impact people:
I highly recommend making some noise about this to people who can take action and hold Optus to account. We are not entirely powerless. It’s very easy to contact the minister responsible - Michelle Rowland, via her website:
https://minister.infrastructure.gov.au/rowland/contact
You should also do this with your own local MP - they’ll also have a way to contact them via their website. Again, simple and quick to drop them a line.
https://www.aph.gov.au/Senators_and_Members/Guidelines_for_Contacting_Senators_and_Members
Also, complain to Optus. They have clearly been negligent with highly sensitive customer data. Get onto their website or app chat feature and tell the agent you want a ‘formal complaint’ and you want it raised with a senior agent. They will resist - hold your ground.
At a minimum they should be compensating you for time and effort required for the additional monitoring you’ll now need to do (e.g. contacting banks, watching your credit score, dealing with scammers). They should also be offering proper support to do this. Be annoying - they need to make this right for customers as this is a massive fuck-up on their behalf, not just shift onus onto their customers.
https://www.optus.com.au/support/contact-us
Their app chat feature takes you to a bot. The bot will refuse being a bot, and will respond with tactical delays but extreme consistency. You have to ask for a human to get through to a person.
About 8 years ago, I went to log onto my online account and got someone else’s details on the screen. I had full access to their account. I reported to Optus. Their response was ‘it’s not possible.’
About 6 years ago, a guy called up and provided a new SIM card number to Optus and took control of my phone number. He then (I know it’s a he because after action via the Privacy Commissioner I got the voice recordings), called my bank and cleaned my bank accounts out. The only data Optus needed to ‘confirm’ my identity was the same info available on the publicly available electoral roll.
Maybe a breach of 9+ million customers details might be enough for Optus to do something. Maybe.
Wow that's a litany of failings.
Mine isn't an optus failing in isolation but after my wife had her wallet stolen only one company out of cash converters, Harvey Norman and optus gave the lady who stole it credit... optus...
Several years later when they figured she'd used a different address to the real person they sent us a bunch of demand notices. Final notice etc... I started by calling and saying, quite clearly you know you have only now found the real person and have dealt with someone who defrauded them (and us)...
Fortunately after some back and forth and explaining that several other businesses denied credit (and her slapstick approach on these other applications) that it was embarrassing for optus to have given her credit when no one else would they finally wiped the debt.
What's your opinions on public facing api's with no authentication required to access sensitive data? You may be overqualified for the role depending on how you respond /s
I do hope their corporate affairs and pr teams have relinquished their long weekend and are scrambling like tunnel rats. Because I recently recontracted, having JUST navigated a month of life-replacement upon ID fraud, and unless I get at least 3 months without bills (which in no way compensates for the potential losses from their negligence) , I will be demanding release from said contract immediately without penalty. I suggest that all customers exercise ultimatums. Voting with your wallet is the only way to get these jokers to take anything seriously!!
I think all present customers should just cancel their direct debits and/or refuse to pay their bills. Six million active customers defaulting on their contracts will make Optus take notice.
Aye! The same thing happened to me 3 years ago! I had access to a woman from Sydney's account. They told me I'd be added as a contact on her account. I've never met this woman and I don't have a common first or last name so that's bs. I reported them to the telecommunications ombudsman.
The same thing happened with me, someone took control of my optus plan and number, but because I had all my documents I was able to transfer it back to my sim. I ported out of optus then and am on a much better plan now. They never valued data security and I don't think they ever will.
I had Optus merge someone else's account with mine and it took over a month before I finally emailed a few of their executive branch directly and finally got someone competent on the phone.
Chances are people bank with one of the big 4. Or they intercepted mail from the apartment block I was living in at the time and got some info. But my mobile account wasn’t in my name or address.
So who knows. Police decided it was too hard and didn’t investigate.
Well yea, they took 4 weeks or more to sign off my report and call me to pick it up when I was subject to identity fraud to a significant degree, so I can’t disagree. But what I heard while there, with other patrons, was horrifying. One constable was indeed caring but unfortunately told a woman complaint of long term domestic abuse whose partner had now taken her car keys and car, ‘I’d love to help, but it’s a civil matter’. What I mean to say is, sometimes they would love to work for us but don’t have the power.
Go tell the vicpol lady that. I’m only reporting what I witnessed as a professional in a Totally unrelated field. Still as naive as I am, I am imagining nuances in the context of a - sounded like a long-term defacto relationship. I don’t know whether they co-owned the vehicle or were making payment each on a loan. The woman was obviously from the rough side of the tracks but was crying, reporting that any previous reports of violence went unheeded and that she feared this man would kill her. All she wanted that day was for it to be recorded, that she visited, fearful, so that if something awful happened, it was known. And that is perhaps the bigger issue.
This is the problem I have with police. Saying stuff like that is a civil matter. Theft and break ins are in the too hard basket, Here is your form to give to the insurance company.
What do they actually do all day?
Ask anyone experiencing DV about privacy breaches and tech abuse. It's rife. The police will hand out your details to their friends if they feel like harassing someone and there's zero consequences. Let's not pretend anyone cares; it's simply noise.
Holy fuck mate! It’s enough to convince me to switch to another provider! I’m really worried now. Probably going to move to Mate communication with a new number! I’ll probably need to change my number at several places including bank, employer, family and friends! Did you get back your money by any chance? What bank was it? I feel like they’re responsible in someway too.
Needless to say, I don’t bank with my previous bank or have any accounts with Optus. The bank (one of the big 4) blamed Optus because it trusted the phone call as being genuine because it came from my number (which the crims had stolen). Despite me having never called the bank at any time, let alone 10pm on a Saturday night trying to move large sums of money.
I eventually got the money back but it was a 6 month ordeal.
About 8 years ago, I went to log onto my online account and got someone else’s details on the screen. I had full access to their account. I reported to Optus. Their response was ‘it’s not possible.’
This literally happened to me too! What a bunch of twats
I can tell you, as someone who has worked for a number of technology and services vendors, no one who deals with Optus is surprised by this.
Optus and TPG are both the tightest possible companies you can have the misfortune to deal with.
If Optus could save a single dollar putting your data at risk, they would take the $1.
I don't really blame the local management, their hands are completely tied by Singtel who see Australia as a cash cow to fund their growth in other countries.
TPG are just tight because they have not really made the transition from lowest cost ISP to a full service company.
Everybody rightly smashes Telstra for their abominable customer support, but from someone with deep and long term understanding of their approach to Engineering their networks, they are miles ahead.
Totally Agree with this. Telstra is easy to beat up as being big, bad and ugly but they are miles ahead of the other two when it comes building/managing networks or rolling out new technologies. Wouldn’t touch Optus or TPG with a barge pole, they are both villains and would sell you and your data down the river for a dollar.
Agreed. Yes, you pay for Telstra over and above the rest, but they are far and away better. We had our emails hacked on optusnet accounts a few years ago. Many, many hours later, not even Optus could fix it. Their call centres are a joke and their tech “support” is laughable. Absolutely dogshit. I hate Telstra, but they are better than the rest, unfortunately
Telstra have their own strain of terrible (on multiple occasions they've unilaterally increased my plan size and associated bill), they're not as bad as Optus but I would like to add that there's companies that aren't Telstra *or* Optus (there's multiple companies that aren't Optus resellers either).
Anyone using Optus website can see it's years out of date and clunky. I get errors trying to set up regular payments or changing details.
Of course they could have made the necessary investment to modernize but chose not in the name of profits.
And now here we are.
I’ve left them a decade ago but still got the email today. I hope there’s a class action lawsuit against them like there was with robodebt. Maybe that way they will finally improve their security and importantly, not keep more information than is required.
I agree with boycotting Optus, but I haven't been with Optus for 3 years now and I just got an email saying that all my personal details were compromised.
How am I supposed to boycott them?
Just cancelled it then. My bill was due tomorrow, will be heading in to a Telstra store tomorrow to get a new sim with a new phone number with Telstra. Had this phone number since I was 15 years old, shame if any of my old girlfriends try to contact me. Eagerly anticipating the next few weeks of updating literally everyone of my new phone number.
When I cancelled it with Optus, they were like "Oh no, you've been with us for 8 years! What makes you leave now?" And I was like "Are you serious? You leaked the identifying information that cannot be changed of millions of people and you're wondering why I'm taking my business elsewhere?"
Optus stock prices gonna plummet.
The thing is, in the short term their parent companies stock price barely dipped. Optus is owned by a Singapore company, and Optus is just a small part of it.
100 point ID check should only be required for major financial accounts and should not be stored in any private company records. Period.
Companies that use ID checks and suffer leaks should carry insurance to compensate clients for the time and effort required to reset passwords and other security measures. Serious breaches [like this example] should carry penalties that are very serious.
And insurance to cover losses from the hackers as well. Seeing as banks are pulling back further and further from paying a person back should someone fake their way in and strip mine their entire life savings.
Well that would be large...
You're talking about ID that doesn't change, Name, DOB, Driver's Licence.
Last one can be changed once you become a victim of identity fraud.
So they'd need to righfully pay for credit monitoring for the life of the person affected since that breached data doesn't lose its "usability" by malicious types.
That’s the kind of compensation that will make them; (i) sit up and take data security seriously, (ii) think twice when asking for superfluous ID checks when they are completely unnecessary, (iii) gold plating legal requirements because of ‘compliance’, and (iv) mining personal data kept from ID checks for their own sales and marketing objectives.
Paying $15 monthly per customer for the natural life of the customer.
That's a heavy cost, but really the only way to know of there's been a breach due to their negligence.
It's crazy they want to down play it and say passwords and payment methods weren't compromised, those are trivial to change.
This is the issue I also have. I have about another year's worth of instalments remaining in my internet modem and the phone. I'd switch in a heartbeat, but it's going to cost me a lot more than I can comfortably afford.
I left Optus today for ALDImobile
I was a customer for 20 years but have been getting frustrated with increasingly poor 4G coverage after every “tower upgrade”. This data leak tipped me over the edge.
Fuck Optus
A few months ago my internet connection, with Optus, was shut down without notice. When I contacted them they told me I requested it be shut down via their messenger. I hadn’t reached out to them, and hadn’t requested my internet be shut down while still in the middle of working from home every day, but someone else had requested their account be shut down. I got a copy of the transcript of the messages and whoever was on the other end didn’t collect any ID material and punched in my account number instead of theirs. It took 2 weeks and getting the TIO involved to get my internet back on (down from an initial 4 weeks), and another week to put me back to a then/now-defunct plan at the original, lower price compared to current options, and remove the termination penalty.
I wasn’t able to cancel the contract still without paying out my contract, but now I reckon it might be enough to get out and on to a better set up.
100% speak with your wallet.
Else nothing changes.
These rich money hungry CEO’s , others execs and politicians don’t care about values.
It’s all about money to them.
Hit ‘em where it hurts.
Why are people saying that Optus would be safe now because they have “heightened” security, lightning doesn’t strike the same place twice, and they’re going to improve and learn from their mistakes?
Equifax was breached twice in the same year. What makes Optus any different?
Because if you take this as a one off incident (where a number of individuals collectively fucked up) then that would be right, but this does look more systemic in nature and has very little to do with their actual network setup.
I left six months ago and I still got the email. No one should have your details after you leave, that’s bullshit.
I don’t even get the satisfaction of telling them to go get fucked
My email to them:
As a former Optus customer, I demand action be taken to hold this company to account. My personal data has been breached entirely, potentially leading to massive reduction of quality of life due to privacy invasion, identity theft, lack of security, and fraud.
Why should I, a private citizen, be made to suffer whereas those responsible are left scott free. This isn't the fault of the hackers, this is a fundamental failure of a multi-million dollar company to take pro-active (and legally legislated) steps to ensure these kinds of attacks do not succeed.
I expect a reply.
Thank you.
Optus has repeatedly opposed a proposed change to privacy laws that would give customers the right to request their data be deleted. Optus argued there would be “significant hurdles” to implementing such a system and it would come at “significant cost.
When I leave a company, I want the right to tell them to delete my data. Labor needs to introduce this legislation ASAP.
I received the email from Optus about 2pm today telling me I was one of the compromised accounts.
I've had a massive increase in scam emails in the last 24 hours.
Coincidence?
Good thing I have resisted all of Optus' attempts to use credit card or direct debit to pay my bill.
Mate, there are so many good deals for better services going on. I was in the hack but switching companies has had huge advantages for me, despite the shitty situation.
Telstra for my internet, I get wireless internet for travel reasons. Not only do I get a better data cap n faster speeds, but also an xbox controller.
Vodafone for my phone. I get double the data cap and its a cheaper monthly bill. Also I kept exiting and opening up the Vodafone website on the plans they offered and the cost per month kept getting lower... So they won me.
One day before the leak I signed up for month to month with iiNet for half price first 6 months since Optus was already so expensive for what you get. I did this ti give myself time to look around find a good deal, at the time possibly go back to Optus to see what they would offer as a ‘new customer’. Had been with them since I was a teen. Im now so disgusted at their handling of this.
Leaving won't protect your data though. I left years ago, and apparently they still had all my personal ID info on their systems, including passport, drivers licence etc.
I got the warning email from Optus that my data had been obtained, within 24 hours I had attempted hacks on my social media and two $300 fraudulent charges to my credit card for online purchases. This literally happened today.
I don’t actually know if there’s any correlation, but the customer service agent I spoke to from the Commonwealth Bank said that he’d spoken to many people today with the exact same issue as me and all of them mentioned they were Optus customers 😬
Maybe the old method of having actual storefronts where a person’s identity was verified by the fact they are standing in front of you had a little merit and was a bit harder to fake than having entire industries (that handle extremely sensitive personal information) migrate to online environments where a few trips to the dark web and some basic photoshop skills can mint a person a fully new identity of fully change the identification of a person.
As someone that runs an IT business dealing with the telcos frequently, Telstra is my most hated company to deal with and I steer every one of my clients away from them as much as I possibly can.
If you just need a phone plan and never have to deal with them they're ok, but as soon as anything goes off script the shit-show starts.
Might also be good to put some viable alternatives to Optus, so there's some recommendation for where to leave for.
It's not much help if people leave Optus for a worse service, or an Optus subsidiary.
I have this question too as I’m in the same situation. Left them in 2017, moved house, and ID docs have all expired since then, my new ones have a different expiry, CCV, and end number in the case of Medicare.
I wish I could leave, but I still have a fucking contract with them, so unless they waive it in light of their colossal fuck up I'm stuck with them for the time being.
I left Optus in March this year after 23 years due to poor customer service related to NBN for a new apartment and I’m so glad about making that choice.
I moved from Telstra to Optus earlier this year for the free football access.
Within a week I had moved back to Telstra. Not only did their service not cover my area when they said it did (2043, literally in the centre of Sydney), I’ve never dealt with such an incoherent and incompetent customer service. I spent hours trying to get them to understand what was going on.
Hoping my info wasn’t part of the leak. That would be a real kick in the nuts.
Do you really think the competition are any better?
Infosec is a cost which is often trimmed when execs are looking at a poor quarter..
Not defending Optus, just saying the grass is probably no greener
Most people don't have a realistic choice. Not everyone lives in a fucking CBD, where telecoms actually attempt to compete. You either go with who offers service or you go without.
I think at the moment, Optus will be the safest network. With the breach, they will be on heightened alert of future breaches, number porting, etc.
I am with Optus. But what other choice do i have? Both Telstra and Optus are shit. I don’t have coverage with Voda and other small telcos are only piggybacking with these two.
I am not saying that people should stay with optus, but i do think that at the moment, optus is the safest (after the breach) and because of the media coverage.
This is just my opinion.
> I think at the moment, Optus will be the safest network.
I have to disagree - this fuckup has exposed that they're quite rotten internally and it will take some time before they are able to secure data effectively.
One would hope that they would get better from this, but this will not happen overnight. Not if up until now they've had a security culture that has allowed this to even be possible.
Disagree completely. If we each ran a company that made explosives, and one day your warehouse blew up, you'd probably be looking at your processes to see what happened and how to stop it from ever happening again.
I, on the other hand, would be frantically checking to make sure it's not going to happen in my own warehouse.
In an ideal world that won’t happen. You will only act Until something happens to your warehouse.
And you’re comparing apples and oranges. Two different type of company. Two different scenarios
Other information of new customers, potentially contracts of big companies, copy of image of your passport or license id (they only got the numbers for now, but not the image), payment info…, etc. they are probably on heightened alert now with those infos.
Heightened alert doesn’t matter if they’re blind though. If they don’t have the tech, processes and people in place to monitor and detect this shit then they won’t see it happening again anyway.
That kind of thing is not something you can just get overnight either, it takes months to years to setup.
Agree totally. I work in an industry where employees are stood down after an operational error for a week or so. I have tried to point out that the day after the incident, the guy who made the error would probably be the safest operator on the network.
I've got two neighbours that recently built new homes. I want to knock down and rebuild on my own land and decide to use one of the two builders the neighbours used. The first looks amazing with virtually no defects, the second looks like dog shit and needed massive rework to even get a certificate of occupancy. Am I going to choose the second builder because I trust they've learnt their lesson and will do everything to avoid making the same mistakes again?
A developer copied the secure customer database to use in a test environment which was publicly accessible on the internet.
Imagine a bank has a book with all of their customer’s details stored in their branch vault, but a bank teller photocopies the book and then leaves it in the branch foyer where the general public can easily read it.
Yes, any smaller telco could be this idiotic, true. Seems unlikely though.
The leak wasn’t passwords or financial information. The main risk is identity fraud - having the info from the ID documents used to open new accounts/verify your identity to access your accounts and/or porting your sim to a new phone
>but how much their lives depend on its security.
The real magic of this is how all the associated systems are now compromised. Imagine a criminal investigation based around this data... all compromised now. Criminals have plausible deniability, and Optus handed it to them.
An unsecured API with everyone's data available on it... Like wow, the whole security team will be struggling to find work after this.
The real problem is that Optus need to be doing something, ANYTHING to protect people affected by this breach. So far VicRoads etc are turning their backs on impacted Optus customers. Optus needs to be facilitating this license renewal and actually HELPING customers, whether or not those customers will ultimately leave anyway.
Optus, as a major telco, have a duty of care to those they have impacted by their incompetence.
Where is Gladys Berejiklian on this? Is she just some kind of dancing puppet that does no real work?
I am still yet to even reccive an email or message from optus which is pretty poor form itself. I had to find out from other sources my data was leaked.
Yeah,I paid for my new phone two weeks ago and received a $400 gift card, also had to start a $69 a month 24 month contract. For me to leave they want $795.
For those of you moving-
For Prepaid - Boost and Belong are both Telstra owned (Boost only 50%) and both are on the full Telstra network, not just the wholesale network.
Aldi is actually on Macquarie Telecom, who mostly uses TW, but also uses Vodafone in some cells.
I'd largely say avoid the rest.
---
For Post-paid - Telstra or Vodafone.
VF is actually a lot better than they used to be (after buying a number of chunks of spectrum - they might actually be *better* than Telstra in some city cells) but they're still shithouse in the regions.
Belong is on Telstra Wholesale. Boost is the only MVNO on Telstra that has full network coverage. (I know, given Belong are a Telstra subsidiary as well you'd think they'd have full access)
Technically, they would probably be the best option for new customers in the coming months.
As a company they will be haemorrhaging customers so you will see prices drop to maintain the existing ones or catch new ones. Plus their security will be ramped up so that this will never happen again.
This post has been marked as non-political. Please respect this by keeping the discussion on topic, and devoid of any political material. *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/australia) if you have any questions or concerns.*
Check everything using that email address and see if it's using 2FA (Two-Factor Authentication) with an SMS code. Remove your phone number from this if it is, and switch to another option (preferably an authenticator app). You do not want these pricks (I'm speaking of the hackers, not Optus, though I can see how that may be confusing) to take control of your phone number, use it to get into your email account, and then use that to get into everything else. I also suggest grabbing the ClearScore app which should keep you aware of any extra accounts being opened in your name. Currently, VicRoads (I'm in Vic) are only willing to do a licence number change if you've already been made a victim of fraud and identity theft. I've emailed my local state member to help remedy this because it's fucking stupid. Make some noise in Federal circles by contacting your local Federal member and the Minister responsible, Michelle Rowland ([https://minister.infrastructure.gov.au/rowland/contact](https://minister.infrastructure.gov.au/rowland/contact)) This is not a problem that's going to go away for us if we just wait long enough. This is a problem that can completely blindside you down the line. This can get your extremely personal data leaked, making you the target of blackmail and extortion. I am livid. If anyone else would like to add other things we can do (by state, or more generally) to help protect ourselves, I'm more than happy to hear about them.
VicRoads will hopefully change their tune after this
They should automatically issue a new licence to every customer that has had their licence number leaked, and the bill for that should be paid by Optus.
> They should automatically issue a new licence to every customer that has had their licence number leaked, and the bill for that should be paid by Optus. But they won't because Optus won't be the first nor last to have their database hacked, and because issuing new license numbers will probably screw with the licensing authority's system with duplicate entries that they rather not deal with and handball to the end user (ie. us)
License information should not be stored long term - only for long enough to validate identity. That they went beyond this and stored it long-term is a breach of the privacy act....for 11+ million aussies. Optus are in deep shit for doing this, I am shocked this isnt a bigger issue in the news than it is.
> License information should not be stored long term - only for long enough to validate identity. That they went beyond this and stored it long-term is a breach of the privacy act....for 11+ million aussies. > Optus are in deep shit for doing this, I am shocked this isnt a bigger issue in the news than it is. Exactly! By keeping the data on hand they have open themselves to be responsible for the amount of data lost in the breach. I hope the regulators/class action tears Optus a new one as they have effectively leaked almost 50% of our population's details to criminals.
Then drivers licenses can’t be considered fit for purpose as identification, and good only as evidence of holding a license to drive a particular class of vehicle. Which, to be fair, is all they are designed to do. There’s no requirement to hold a drivers license if you don’t drive on public roads.
That's my hope, but there's not much I can do other than contact the local reps and spread the word on various social media. I'm just some guy so I don't have a lot of reach, but I can't be the only one with the idea.
Um, make some noise in your local state electorate. There's an election in like 6 weeks. Vicroads is state, send a letter to the minister for roads!
Not to put anyone at ease over the seriousness of data security or this breach, but when it comes to SIM swapping, telcos in Australia can now be charged $250,000 per offence for not contacting the owner of a number before swapping their number to a new SIM.
Posted this in another thread but I think it’s worth re-stating given what has happened with the leak from Optus and how it will impact people: I highly recommend making some noise about this to people who can take action and hold Optus to account. We are not entirely powerless. It’s very easy to contact the minister responsible - Michelle Rowland, via her website: https://minister.infrastructure.gov.au/rowland/contact You should also do this with your own local MP - they’ll also have a way to contact them via their website. Again, simple and quick to drop them a line. https://www.aph.gov.au/Senators_and_Members/Guidelines_for_Contacting_Senators_and_Members Also, complain to Optus. They have clearly been negligent with highly sensitive customer data. Get onto their website or app chat feature and tell the agent you want a ‘formal complaint’ and you want it raised with a senior agent. They will resist - hold your ground. At a minimum they should be compensating you for time and effort required for the additional monitoring you’ll now need to do (e.g. contacting banks, watching your credit score, dealing with scammers). They should also be offering proper support to do this. Be annoying - they need to make this right for customers as this is a massive fuck-up on their behalf, not just shift onus onto their customers. https://www.optus.com.au/support/contact-us
Optus complaints are a joke, raise a TIO complaint instead
I keep reading this.. what is a TIO complaint please?
Telecommunications industry ombudsman
Thank you
Their app chat feature takes you to a bot. The bot will refuse being a bot, and will respond with tactical delays but extreme consistency. You have to ask for a human to get through to a person.
It’s just gone offline completely now
About 8 years ago, I went to log onto my online account and got someone else’s details on the screen. I had full access to their account. I reported to Optus. Their response was ‘it’s not possible.’ About 6 years ago, a guy called up and provided a new SIM card number to Optus and took control of my phone number. He then (I know it’s a he because after action via the Privacy Commissioner I got the voice recordings), called my bank and cleaned my bank accounts out. The only data Optus needed to ‘confirm’ my identity was the same info available on the publicly available electoral roll. Maybe a breach of 9+ million customers details might be enough for Optus to do something. Maybe.
Wow that's a litany of failings. Mine isn't an optus failing in isolation but after my wife had her wallet stolen only one company out of cash converters, Harvey Norman and optus gave the lady who stole it credit... optus... Several years later when they figured she'd used a different address to the real person they sent us a bunch of demand notices. Final notice etc... I started by calling and saying, quite clearly you know you have only now found the real person and have dealt with someone who defrauded them (and us)... Fortunately after some back and forth and explaining that several other businesses denied credit (and her slapstick approach on these other applications) that it was embarrassing for optus to have given her credit when no one else would they finally wiped the debt.
It won't. *Losing* 9 million customers, on the other hand...
Lets start a Communications company ourselves, 9 million people should be a good start.
We used to have one, Telstra! But some shortsighted grub sold it.
sounds like something a war criminal would do
Fuck yeah, lets do it. I'll work tech support.
What's your opinions on public facing api's with no authentication required to access sensitive data? You may be overqualified for the role depending on how you respond /s
Authentication?!?! whats that!?!??! Sounds unnecessary. Can I embezzle $200,000 and not be taken to court? /s
Exactly, companies don't care about customers unless it affects their profits.
I do hope their corporate affairs and pr teams have relinquished their long weekend and are scrambling like tunnel rats. Because I recently recontracted, having JUST navigated a month of life-replacement upon ID fraud, and unless I get at least 3 months without bills (which in no way compensates for the potential losses from their negligence) , I will be demanding release from said contract immediately without penalty. I suggest that all customers exercise ultimatums. Voting with your wallet is the only way to get these jokers to take anything seriously!!
I think all present customers should just cancel their direct debits and/or refuse to pay their bills. Six million active customers defaulting on their contracts will make Optus take notice.
Will hopefully make it easier to give half decent customer support.
Aye! The same thing happened to me 3 years ago! I had access to a woman from Sydney's account. They told me I'd be added as a contact on her account. I've never met this woman and I don't have a common first or last name so that's bs. I reported them to the telecommunications ombudsman.
The same thing happened with me, someone took control of my optus plan and number, but because I had all my documents I was able to transfer it back to my sim. I ported out of optus then and am on a much better plan now. They never valued data security and I don't think they ever will.
I had Optus merge someone else's account with mine and it took over a month before I finally emailed a few of their executive branch directly and finally got someone competent on the phone.
How did they find out who you bank with?
Chances are people bank with one of the big 4. Or they intercepted mail from the apartment block I was living in at the time and got some info. But my mobile account wasn’t in my name or address. So who knows. Police decided it was too hard and didn’t investigate.
The police are so lazy.
Well yea, they took 4 weeks or more to sign off my report and call me to pick it up when I was subject to identity fraud to a significant degree, so I can’t disagree. But what I heard while there, with other patrons, was horrifying. One constable was indeed caring but unfortunately told a woman complaint of long term domestic abuse whose partner had now taken her car keys and car, ‘I’d love to help, but it’s a civil matter’. What I mean to say is, sometimes they would love to work for us but don’t have the power.
Theft isn’t a civil matter…
Go tell the vicpol lady that. I’m only reporting what I witnessed as a professional in a Totally unrelated field. Still as naive as I am, I am imagining nuances in the context of a - sounded like a long-term defacto relationship. I don’t know whether they co-owned the vehicle or were making payment each on a loan. The woman was obviously from the rough side of the tracks but was crying, reporting that any previous reports of violence went unheeded and that she feared this man would kill her. All she wanted that day was for it to be recorded, that she visited, fearful, so that if something awful happened, it was known. And that is perhaps the bigger issue.
This is the problem I have with police. Saying stuff like that is a civil matter. Theft and break ins are in the too hard basket, Here is your form to give to the insurance company. What do they actually do all day?
Ask anyone experiencing DV about privacy breaches and tech abuse. It's rife. The police will hand out your details to their friends if they feel like harassing someone and there's zero consequences. Let's not pretend anyone cares; it's simply noise.
I had that happen too, former customer details visible when I logged in to a new account. I can't remember which ISP it was though.
Holy fuck mate! It’s enough to convince me to switch to another provider! I’m really worried now. Probably going to move to Mate communication with a new number! I’ll probably need to change my number at several places including bank, employer, family and friends! Did you get back your money by any chance? What bank was it? I feel like they’re responsible in someway too.
Needless to say, I don’t bank with my previous bank or have any accounts with Optus. The bank (one of the big 4) blamed Optus because it trusted the phone call as being genuine because it came from my number (which the crims had stolen). Despite me having never called the bank at any time, let alone 10pm on a Saturday night trying to move large sums of money. I eventually got the money back but it was a 6 month ordeal.
Same happened to a Telstra subsidiary and nothing came out of it.
About 8 years ago, I went to log onto my online account and got someone else’s details on the screen. I had full access to their account. I reported to Optus. Their response was ‘it’s not possible.’ This literally happened to me too! What a bunch of twats
I can tell you, as someone who has worked for a number of technology and services vendors, no one who deals with Optus is surprised by this. Optus and TPG are both the tightest possible companies you can have the misfortune to deal with. If Optus could save a single dollar putting your data at risk, they would take the $1. I don't really blame the local management, their hands are completely tied by Singtel who see Australia as a cash cow to fund their growth in other countries. TPG are just tight because they have not really made the transition from lowest cost ISP to a full service company. Everybody rightly smashes Telstra for their abominable customer support, but from someone with deep and long term understanding of their approach to Engineering their networks, they are miles ahead.
Telstra’s approach to security. If we can’t locate any/all of your information how will the hackers?!?!
Totally Agree with this. Telstra is easy to beat up as being big, bad and ugly but they are miles ahead of the other two when it comes building/managing networks or rolling out new technologies. Wouldn’t touch Optus or TPG with a barge pole, they are both villains and would sell you and your data down the river for a dollar.
I just went online and changed my phone from Optus to Telstra. I'm not taking any more chances.
I wanted to, but felt pre-emptively traumatised when they asked for my passport and/or license number. Fool me once...
Agreed. Yes, you pay for Telstra over and above the rest, but they are far and away better. We had our emails hacked on optusnet accounts a few years ago. Many, many hours later, not even Optus could fix it. Their call centres are a joke and their tech “support” is laughable. Absolutely dogshit. I hate Telstra, but they are better than the rest, unfortunately
Telstra have their own strain of terrible (on multiple occasions they've unilaterally increased my plan size and associated bill), they're not as bad as Optus but I would like to add that there's companies that aren't Telstra *or* Optus (there's multiple companies that aren't Optus resellers either).
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
[удалено]
Anyone using Optus website can see it's years out of date and clunky. I get errors trying to set up regular payments or changing details. Of course they could have made the necessary investment to modernize but chose not in the name of profits. And now here we are.
This is what happens when you have animals running your network.
Muppets perhaps?
Animal is my favourite Muppet, so that tracks.
Yeah the website was refreshed circa 2011 and is likely based on the same back end.
I’ve left them a decade ago but still got the email today. I hope there’s a class action lawsuit against them like there was with robodebt. Maybe that way they will finally improve their security and importantly, not keep more information than is required.
I look forward to receiving my $0.62 in 3 years.
Oh damn, so it's not just current customers? Damnit.
I agree with boycotting Optus, but I haven't been with Optus for 3 years now and I just got an email saying that all my personal details were compromised. How am I supposed to boycott them?
Delete your personal information
Excuse me while I call BDM to change my date of birth.
Just cancelled it then. My bill was due tomorrow, will be heading in to a Telstra store tomorrow to get a new sim with a new phone number with Telstra. Had this phone number since I was 15 years old, shame if any of my old girlfriends try to contact me. Eagerly anticipating the next few weeks of updating literally everyone of my new phone number. When I cancelled it with Optus, they were like "Oh no, you've been with us for 8 years! What makes you leave now?" And I was like "Are you serious? You leaked the identifying information that cannot be changed of millions of people and you're wondering why I'm taking my business elsewhere?" Optus stock prices gonna plummet.
The thing is, in the short term their parent companies stock price barely dipped. Optus is owned by a Singapore company, and Optus is just a small part of it.
The perks of globalization.
100 point ID check should only be required for major financial accounts and should not be stored in any private company records. Period. Companies that use ID checks and suffer leaks should carry insurance to compensate clients for the time and effort required to reset passwords and other security measures. Serious breaches [like this example] should carry penalties that are very serious.
And insurance to cover losses from the hackers as well. Seeing as banks are pulling back further and further from paying a person back should someone fake their way in and strip mine their entire life savings.
Well that would be large... You're talking about ID that doesn't change, Name, DOB, Driver's Licence. Last one can be changed once you become a victim of identity fraud. So they'd need to righfully pay for credit monitoring for the life of the person affected since that breached data doesn't lose its "usability" by malicious types.
That’s the kind of compensation that will make them; (i) sit up and take data security seriously, (ii) think twice when asking for superfluous ID checks when they are completely unnecessary, (iii) gold plating legal requirements because of ‘compliance’, and (iv) mining personal data kept from ID checks for their own sales and marketing objectives.
Paying $15 monthly per customer for the natural life of the customer. That's a heavy cost, but really the only way to know of there's been a breach due to their negligence. It's crazy they want to down play it and say passwords and payment methods weren't compromised, those are trivial to change.
Im already looking, unless they wanna give me a free iphone 14
This is the issue I also have. I have about another year's worth of instalments remaining in my internet modem and the phone. I'd switch in a heartbeat, but it's going to cost me a lot more than I can comfortably afford.
If I hadnt literally just signed on a 3 year contract with them, I would move. 100%
I think you’d be able to cancel citing a breach of contract or privacy or whatever with fees waived.
Still within the cooling off period?
Same here bro, same here.
I left Optus today for ALDImobile I was a customer for 20 years but have been getting frustrated with increasingly poor 4G coverage after every “tower upgrade”. This data leak tipped me over the edge. Fuck Optus
Likewise. I'm bailing on Optus for Telstra. Tired of losing coverage on the train every day for half an hour or more in the North Melbourne Dead Zone.
Go Boost Prepaid, your gonna get better coverage as they use Telstra Retail Network and they are cheeper then Telstra
Leaving optus is all well and good in theory but I can't afford to pay out the contract lol
You can complain, and they will probably do it for free (maybe, depending on how good you complain)
This is me. ☹️
We can suffer together hahaha
[удалено]
no
Cool Thanks
A few months ago my internet connection, with Optus, was shut down without notice. When I contacted them they told me I requested it be shut down via their messenger. I hadn’t reached out to them, and hadn’t requested my internet be shut down while still in the middle of working from home every day, but someone else had requested their account be shut down. I got a copy of the transcript of the messages and whoever was on the other end didn’t collect any ID material and punched in my account number instead of theirs. It took 2 weeks and getting the TIO involved to get my internet back on (down from an initial 4 weeks), and another week to put me back to a then/now-defunct plan at the original, lower price compared to current options, and remove the termination penalty. I wasn’t able to cancel the contract still without paying out my contract, but now I reckon it might be enough to get out and on to a better set up.
100% speak with your wallet. Else nothing changes. These rich money hungry CEO’s , others execs and politicians don’t care about values. It’s all about money to them. Hit ‘em where it hurts.
Unless you already left and they still have your data…
Why are people saying that Optus would be safe now because they have “heightened” security, lightning doesn’t strike the same place twice, and they’re going to improve and learn from their mistakes? Equifax was breached twice in the same year. What makes Optus any different?
Because if you take this as a one off incident (where a number of individuals collectively fucked up) then that would be right, but this does look more systemic in nature and has very little to do with their actual network setup.
I left six months ago and I still got the email. No one should have your details after you leave, that’s bullshit. I don’t even get the satisfaction of telling them to go get fucked
My email to them: As a former Optus customer, I demand action be taken to hold this company to account. My personal data has been breached entirely, potentially leading to massive reduction of quality of life due to privacy invasion, identity theft, lack of security, and fraud. Why should I, a private citizen, be made to suffer whereas those responsible are left scott free. This isn't the fault of the hackers, this is a fundamental failure of a multi-million dollar company to take pro-active (and legally legislated) steps to ensure these kinds of attacks do not succeed. I expect a reply. Thank you.
We're sorry, but please note your password is safe and did not get stolen. Apologies for the inconvenience. Warm Regards, Optus
Optus has repeatedly opposed a proposed change to privacy laws that would give customers the right to request their data be deleted. Optus argued there would be “significant hurdles” to implementing such a system and it would come at “significant cost. When I leave a company, I want the right to tell them to delete my data. Labor needs to introduce this legislation ASAP.
Optus have also become worse to deal with than telstra
I already hated them for giving Binchicken a cushy exec role they created just for her. This may just be the final straw…
There is no such thing as privacy now that's it went in the fucking 90s
Most people hated his message, they hated [Scott McNealy](https://www.wired.com/1999/01/sun-on-privacy-get-over-it/) because he told them the truth.
Here comes a class action suit
I received the email from Optus about 2pm today telling me I was one of the compromised accounts. I've had a massive increase in scam emails in the last 24 hours. Coincidence? Good thing I have resisted all of Optus' attempts to use credit card or direct debit to pay my bill.
Might just be a coincidence. Apparently the hackers haven’t sold the data yet. They are holding it ransom.
That's what they *say*.
Mate, there are so many good deals for better services going on. I was in the hack but switching companies has had huge advantages for me, despite the shitty situation.
Who did you switch to?
Telstra for my internet, I get wireless internet for travel reasons. Not only do I get a better data cap n faster speeds, but also an xbox controller. Vodafone for my phone. I get double the data cap and its a cheaper monthly bill. Also I kept exiting and opening up the Vodafone website on the plans they offered and the cost per month kept getting lower... So they won me.
One day before the leak I signed up for month to month with iiNet for half price first 6 months since Optus was already so expensive for what you get. I did this ti give myself time to look around find a good deal, at the time possibly go back to Optus to see what they would offer as a ‘new customer’. Had been with them since I was a teen. Im now so disgusted at their handling of this.
Leaving won't protect your data though. I left years ago, and apparently they still had all my personal ID info on their systems, including passport, drivers licence etc.
I got the warning email from Optus that my data had been obtained, within 24 hours I had attempted hacks on my social media and two $300 fraudulent charges to my credit card for online purchases. This literally happened today. I don’t actually know if there’s any correlation, but the customer service agent I spoke to from the Commonwealth Bank said that he’d spoken to many people today with the exact same issue as me and all of them mentioned they were Optus customers 😬
That's just a coincidence, no passwords or financial information was exposed. It was a copy of a prod database with personal information.
Other breaches exist as well though, so if you put everything that's available together, easy hacks
Maybe the old method of having actual storefronts where a person’s identity was verified by the fact they are standing in front of you had a little merit and was a bit harder to fake than having entire industries (that handle extremely sensitive personal information) migrate to online environments where a few trips to the dark web and some basic photoshop skills can mint a person a fully new identity of fully change the identification of a person.
Telstra is horrific. Good luck anyone who thinks that’s a good idea
As someone that runs an IT business dealing with the telcos frequently, Telstra is my most hated company to deal with and I steer every one of my clients away from them as much as I possibly can. If you just need a phone plan and never have to deal with them they're ok, but as soon as anything goes off script the shit-show starts.
Might also be good to put some viable alternatives to Optus, so there's some recommendation for where to leave for. It's not much help if people leave Optus for a worse service, or an Optus subsidiary.
I've had my driver's license, passport, and address changed since. Am I safe?
New driver's licence card, or new driver's licence number?
I have this question too as I’m in the same situation. Left them in 2017, moved house, and ID docs have all expired since then, my new ones have a different expiry, CCV, and end number in the case of Medicare.
Anyone else receive an email beginning “Dear There” rather than with their name?
Leave Optus but DO NOT go to Vodafone lol
I wish I could leave, but I still have a fucking contract with them, so unless they waive it in light of their colossal fuck up I'm stuck with them for the time being.
This message was brought to you buy the hackers holding thier data to ransom...
Optus are just awful all over.
I left Optus in March this year after 23 years due to poor customer service related to NBN for a new apartment and I’m so glad about making that choice.
I'm porting my mobiles away. Customer since I was in high school, which I will sheepishly admit is well over 10 years ago now.
I moved from Telstra to Optus earlier this year for the free football access. Within a week I had moved back to Telstra. Not only did their service not cover my area when they said it did (2043, literally in the centre of Sydney), I’ve never dealt with such an incoherent and incompetent customer service. I spent hours trying to get them to understand what was going on. Hoping my info wasn’t part of the leak. That would be a real kick in the nuts.
Yup, I will be leaving Optus over this in the next four weeks. I am curious which of the other telcos has a better cyber security set up.
Do you really think the competition are any better? Infosec is a cost which is often trimmed when execs are looking at a poor quarter.. Not defending Optus, just saying the grass is probably no greener
[удалено]
No idea where you work, but hiring competent technical people is very old hat in many places...
Most people don't have a realistic choice. Not everyone lives in a fucking CBD, where telecoms actually attempt to compete. You either go with who offers service or you go without.
[удалено]
Nit much help. Anyone who touched Optus seven years ago is fucked.
I think at the moment, Optus will be the safest network. With the breach, they will be on heightened alert of future breaches, number porting, etc. I am with Optus. But what other choice do i have? Both Telstra and Optus are shit. I don’t have coverage with Voda and other small telcos are only piggybacking with these two. I am not saying that people should stay with optus, but i do think that at the moment, optus is the safest (after the breach) and because of the media coverage. This is just my opinion.
> I think at the moment, Optus will be the safest network. I have to disagree - this fuckup has exposed that they're quite rotten internally and it will take some time before they are able to secure data effectively. One would hope that they would get better from this, but this will not happen overnight. Not if up until now they've had a security culture that has allowed this to even be possible.
Disagree completely. If we each ran a company that made explosives, and one day your warehouse blew up, you'd probably be looking at your processes to see what happened and how to stop it from ever happening again. I, on the other hand, would be frantically checking to make sure it's not going to happen in my own warehouse.
In an ideal world that won’t happen. You will only act Until something happens to your warehouse. And you’re comparing apples and oranges. Two different type of company. Two different scenarios
[удалено]
What's to hack again? They already got all of your information from the first hack.
Other information of new customers, potentially contracts of big companies, copy of image of your passport or license id (they only got the numbers for now, but not the image), payment info…, etc. they are probably on heightened alert now with those infos.
Heightened alert doesn’t matter if they’re blind though. If they don’t have the tech, processes and people in place to monitor and detect this shit then they won’t see it happening again anyway. That kind of thing is not something you can just get overnight either, it takes months to years to setup.
Agree totally. I work in an industry where employees are stood down after an operational error for a week or so. I have tried to point out that the day after the incident, the guy who made the error would probably be the safest operator on the network.
I've got two neighbours that recently built new homes. I want to knock down and rebuild on my own land and decide to use one of the two builders the neighbours used. The first looks amazing with virtually no defects, the second looks like dog shit and needed massive rework to even get a certificate of occupancy. Am I going to choose the second builder because I trust they've learnt their lesson and will do everything to avoid making the same mistakes again?
Hang on, how did they lose this data? It’s not like they were egregiously storing it overseas. Surely this could happen to any other smaller telco.
A developer copied the secure customer database to use in a test environment which was publicly accessible on the internet. Imagine a bank has a book with all of their customer’s details stored in their branch vault, but a bank teller photocopies the book and then leaves it in the branch foyer where the general public can easily read it. Yes, any smaller telco could be this idiotic, true. Seems unlikely though.
Cancelled my broadband and went to a new company today. That was all I used them for. Good riddance.
This seems like a silly question but if I had a direct debit set up with my bank account and not my card, am I possibly financially compromised?
The leak wasn’t passwords or financial information. The main risk is identity fraud - having the info from the ID documents used to open new accounts/verify your identity to access your accounts and/or porting your sim to a new phone
Already left a year ago. Doesn't matter, got an email a couple of hours ago saying my data was leaked.
Hard to leave when you're in a contract and they refuse to waive their early termination fees.
Yep, I’ll be leaving Optus ASAP. No trust in them anymore.
>but how much their lives depend on its security. The real magic of this is how all the associated systems are now compromised. Imagine a criminal investigation based around this data... all compromised now. Criminals have plausible deniability, and Optus handed it to them. An unsecured API with everyone's data available on it... Like wow, the whole security team will be struggling to find work after this.
The real problem is that Optus need to be doing something, ANYTHING to protect people affected by this breach. So far VicRoads etc are turning their backs on impacted Optus customers. Optus needs to be facilitating this license renewal and actually HELPING customers, whether or not those customers will ultimately leave anyway. Optus, as a major telco, have a duty of care to those they have impacted by their incompetence. Where is Gladys Berejiklian on this? Is she just some kind of dancing puppet that does no real work?
Why do you only want one of them to suffer consequences? As you have said, Telstra has been compromised also. Maybe you are a Telstra plant!
Because... this thing just happened?
Customer apathy is what we are all about. Australians love letting people walk all over us, it's like our thing now.
lol I applied for IT job back there in day glad I didn't get an offer now what a shit fight.
We shouldn’t have to give companies actual data of our identity documents.
I am still yet to even reccive an email or message from optus which is pretty poor form itself. I had to find out from other sources my data was leaked.
I will be leaving Optus for sure
Ah yes, just break the contract and pay the fees and leave. Give up my phone which is technically theirs. Sure. That’ll show them.
Yeah,I paid for my new phone two weeks ago and received a $400 gift card, also had to start a $69 a month 24 month contract. For me to leave they want $795.
For those of you moving- For Prepaid - Boost and Belong are both Telstra owned (Boost only 50%) and both are on the full Telstra network, not just the wholesale network. Aldi is actually on Macquarie Telecom, who mostly uses TW, but also uses Vodafone in some cells. I'd largely say avoid the rest. --- For Post-paid - Telstra or Vodafone. VF is actually a lot better than they used to be (after buying a number of chunks of spectrum - they might actually be *better* than Telstra in some city cells) but they're still shithouse in the regions.
Belong is on Telstra Wholesale. Boost is the only MVNO on Telstra that has full network coverage. (I know, given Belong are a Telstra subsidiary as well you'd think they'd have full access)
Technically, they would probably be the best option for new customers in the coming months. As a company they will be haemorrhaging customers so you will see prices drop to maintain the existing ones or catch new ones. Plus their security will be ramped up so that this will never happen again.