by kiwih on 9/28/22, 7:31 PM with 138 comments
by cantrevealname on 9/29/22, 1:56 AM
I dislike this intensely. All kinds of random places are keeping hi-res scans of documents that are perfect for identity theft and fraud. I've tried suggesting that looking at the passport should be sufficient to verify my identity -- they don't need to make a copy of it -- but I've had no luck.
Has anyone had success at pushing back on this? Are there laws in any country that say that you can't take photocopies or scans of customers' passports?
by zmmmmm on 9/29/22, 1:40 AM
If you accept perfect security is impossible (everyone should) then anybody creating data retention laws (i.e. the government) really has to also assume some level of responsibility for the risk that the data is going to leak.
by josephg on 9/29/22, 1:54 AM
And we need to put other companies with terrible security on notice. I think the only way big companies will move is by making their executive team sweat money.
That's how it works everywhere else in the economy - if your negligence causes harm, you're liable. Serve bad food in a restaurant? Sued. Sell sporting equipment which causes injury? Sued. Misrepresent yourself? Sued, and potential criminal charges. Medical malpractice? Sued. But somehow, if your sloppy software causes harm that's ok? What rubbish. Security malpractice should bear the same punishment as everything else.
Maybe the price of paid software will go up. That's fine. Maybe there aren't enough qualified security engineers. Also, fine.
If you don't have the expertise to manufacture a safe car, we've decided you can't enter the car business at all. Likewise, if you don't have the technical skill to keep my data secure, you have no business storing my data at all.
by JamesBrooks on 9/29/22, 12:54 AM
Fortunately we're able (in South Australia) to get our drivers licenses changed over free of charge if impacted, which I'll do but now that's something else I need to get around to doing... I wonder how many of these costs will be forwarded on to Optus on behalf of the government
by hilbert42 on 9/29/22, 1:45 AM
If the Australian Government actually goes through with its threat to make Optus pay millions to cover the cost of the damage its lax security has caused then the idea may catch on elsewhere.
It seems to me that at the risk of going bankrupt over a breach of its customers' privacy a company would want to divest itself of as much information about its customers as was possible.
Wouldn't it be great if that were to happen.
by papafox on 9/29/22, 1:34 AM
by estebarb on 9/29/22, 1:32 AM
by triggercut on 9/29/22, 3:00 AM
You can then select the businesses you would like to forget about you and Mine will send pre-written emails on your behalf and monitor for replies.
The experience has been enlightening. This is what I've found after sending 50ish requests:
- A small number of businesses already have a process in place to deal with such requests and action immediately without further correspondence
- Others ask that you fill in a form (pdf or web) to start the process
- A large number won't get back to you for around a week or two and eventual responses appear to be written by a person
- A small number tell you they can delete some data but not all. e.g. Compare the Market. In the past I've used compare the market to purchase insurance products, that sale is linked to my personal details and so they can not delete. I'm not sure why this is the case. Maybe there are compliance reasons but it is a little worrying that these middle-men companies that live on commission either can't or won't erase my data.
The big one that's been mentioned in other HN threads on this is Car Rental companies. I made it a priority to deal with them first. They have all manner of sensitive information and their size, tenure and CX don't instill me with confidence.
by alfiedotwtf on 9/29/22, 3:04 AM
"“Optus is not aware of any security events which would warrant revisiting the security obligations imposed on regulated entities,” the telco’s submission stated."
Despite concerns that data retention could create a ‘honey pot’ for hackers, telcos already had in place security measures to protect customer data they already retained for commercial purposes, the department argued.
“Given this, it did not follow that the proposed data retention scheme presented an unmanageable level of risk to customer privacy,” its submission stated. “The evidence to date supports that the existing data security arrangement have been effective.”
https://www.computerworld.com/article/3458462/data-retention...
by mbrodersen on 9/29/22, 1:45 AM
by kiwih on 9/28/22, 7:34 PM
I wonder if this is actually intended to be an "ask", or if this is polite language for "we will legally compel them to".
>Passport numbers are among the personal details accessed in what the federal government has described as a "basic hack".
>Optus says the data breach was due to a "sophisticated" operation.
It would be good to know more details of the hack itself.
by ars on 9/29/22, 2:59 AM
In Israel you use your ID number, if a citizen, or passport number if not, in tons of transactions (as a citizen it somehow flows to your yearly taxes, not sure exactly), even stuff as mundane as getting gas needs an ID number.
If passport numbers are meant to be secret I suspect a lot of people are in for a rude surprise.
by btgeekboy on 9/29/22, 12:05 AM
by GoOnThenDoTell on 9/29/22, 3:41 AM
by brokenmachine on 9/29/22, 5:19 AM
What more could they possibly do?
by lysp on 9/29/22, 4:34 AM
by senectus1 on 9/29/22, 12:47 AM
by mtgx on 9/29/22, 1:23 AM
When the data companies want on you becomes a liability in case of data breaches, one of 2 things will happen:
1. They'll drastically improve their security
2. They'll stop asking for a lot of data just because they think they might use it later or because they want to sell it to others.