Facebook Google Menu Linkedin lock Pinterest Search Twitter

Advertisement

Companies

Dec 17, 2015

Over 30,000 Optus customers' data published, but debts not automatically forgiven

A debt collector who tried to outsource his or her own job published the personal information of more than 30,000 mostly former Optus customers online.

Share

optusfront

The personal data of 31,150 mostly former Optus customers was posted on short-term job website Freelancer.com in major breach of their privacy, Crikey can reveal.

Earlier this week, Crikey reported that an employee of the telecommunications company’s debt collector ARC Mercantile had posted a spreadsheet of data of customers who owed a debt to Optus onto Freelancer.com, a job auctions website where potential workers bid to undertake a variety of short-term jobs or tasks.

Against the policies of both Optus and ARC Mercantile, the employee was seeking to get a Freelancer.com worker to analyse the data (which was the ARC Mercantile employee’s job) and uploaded a spreadsheet of the data earlier this year. The data included customer names, contact numbers, physical and email addresses, date of birth and debt collection history information.

The data has since been removed from Freelancer.com, and Optus has been attempting to track down the 51 people who accessed the data while it was online to have the data destroyed.

Optus has subsequently sent out a letter to customers who had their data posted online advising them of the situation and offering a free alert service for potential identity fraud. The company has said those who are affected might want to change their phone numbers.

optus2

Optus would not say how many customers were affected, but Crikey has learned that the breach affected 31,150 people.

According to an internal Optus document seen by Crikey, of the 31,150 people affected, only 164 remain Optus customers. They cleared their debts and had their services reconnected. The remaining 30,986 people remain disconnected.

Optus says in the document that while ARC Mercantile had been managing the debt of those customers, because of the breach, Optus has decided to manage the debt for those customers internally. Optus has not told Crikey that it intends to sever its relationship with ARC Mercantile.

Optus has not said it intends to pre-emptively forgive all of the debts of the 31,150 customers, but the document reveals Optus is prepared to pay compensation for those affected, including for phone number changes, passport replacement and other ID changes. There is also the option for “discretionary credits” to be issued to resolve debts for customers who complain about having their data exposed.

Crikey asked Optus to confirm the figure yesterday, but the company again refused to comment. Optus has over 9 million active mobile services.

ARC Mercantile has also declined to state whether the employee who was seeking to outsource his or her own job had been fired, stating simply that “all necessary disciplinary action” had been taken.

The Australian Privacy Commissioner Timothy Pilgrim was informed of the breach by Optus and ARC Mercantile.

Josh Taylor — Journalist

Josh Taylor

Journalist

Josh is Crikey’s general reporter covering politics, immigration, technology, the environment and, well, just about everything. Josh joined Crikey in 2015 after being lured away from his role as an award-winning technology journalist for ZDNet.

Get a free trial to post comments
More from Josh Taylor

Advertisement

We recommend

From around the web

Powered by Taboola

0 comments

Leave a comment

0 thoughts on “Over 30,000 Optus customers’ data published, but debts not automatically forgiven

  1. Norman Hanscombe

    This might inspire the Crikey Commissariat to revise its puerile opposition to Government efforts to strengthen our Internet Security.
    But I forgot, the outside world has little in common with those inhabiting the Crikey Bunkers, does it.

Leave a comment