The Commonwealth Bank is working with the Australian Federal Police and other government agencies after being alerted to an SMS scam attempting to solicit funds.
The national bank said via Twitter its “aware of an SMS seeking to solicit funds and referencing a CBA bank account following the Optus data breach. We have identified and blocked this account”.
The scam text message said “Optus has left security measures allowing us to access the personal information of their customers” before threatening to release further personal information unless a payment of $2000 was paid into a CBA account.
iTnews understands despite the fraud text no funds have been received into the scam account to date, and none can be received now the account has been blocked.
In a statement from the bank, CBA said it “has become aware” of the circulating SMS and has “identified and blocked this account”.
“We continue to work closely with the Australian Federal Police and other investigative, government and regulatory authorities to limit the impact of any fraud and scams resulting from the events over the past few days,” the bank said
“In addition, we have been communicating directly with millions of our customers since the weekend with advice on keeping their accounts safe and what additional steps they can take with our help to protect themselves from cyber fraud.”
The bank added customer protection includes access to SavvyShield via the Credit Savvy App, “which makes it easy to temporarily ban access to your Credit Report if you think your identity has been compromised.”
In its customer communications, the bank said it “heightened our ID theft monitoring”, and its teams “have relationships with several cyber security industry groups and will continue to monitor all channels for any data and will only update you through our channels”.
A CBA spokesperson told iTnews the bank is “closely monitoring developments at Optus following the reported cyber-attack on the company.”
“The security of our customers banking is an absolute critical priority for us and as part of our ongoing efforts to combat fraud and scams we are in the process of sending out specific information to help protect them against the prospect of such fraudulent activity.
“We also have in place dedicated teams and protective systems to actively monitor unusual or suspicious activity 24 hours a day, seven days a week.
“When we suspect any such activity, we will raise our concerns with customers to confirm whether such transfers or purchases are legitimate. If customers notice any unusual transactions or activity with their banking services they should contact us immediately.”
Criticism from government
The federal government remains critical of Optus, particularly over Medicare numbers.
Yesterday afternoon, attorney-general Mark Dreyfus told parliament “We were concerned this morning about reports that personal information from the Optus data breach apparently also includes Medicare numbers.
“Medicare numbers were never notified as forming part of the breach.
“Optus has a clear obligation to notify both the affected individuals and the Australian Information Commissioner when a data breach involving personal information is likely to result in serious harm. Consumers have also got a right to know exactly what individual personal information has been compromised in Optus’s communications to them.”
Dreyfus also told parliament the AFP was now working with the FBI as well as with state and territory police.
Health minister Mark Butler followed up Dreyfus’s remarks in a Radio National interview on Wednesday morning, also criticising Optus for not including Medicare numbers in its original breach advice: “It’s deeply unfortunate that we were only notified that Medicare details were included in that data breach in the last 24 hours or so,” he said.
Butler added that the government is looking at whether medicare numbers for affected customers can be replaced.
According to the Sydney Morning Herald, assistant treasurer Stephen Jones has called on Optus to foot the bill for replacing peoples’ passports, saying: “any cost that’s associated with replacing documents – frankly I’ve been quite pointed about this – if Optus has done the wrong thing, it shouldn’t be customers or the commonwealth government or any other government that is bearing the cost of what is at its heart a fault, a problem, a mistake, a stuff-up by Optus.”
States align with NSW over driver’s licence replacement
Other states have begun following NSW’s lead in making it easier for affected citizens to replace their driver’s licences.
Victoria, Queensland and South Australia have gone a step further than NSW, by making licence replacement free.
Queensland’s transport and main roads minister Mark Bailey made the announcement on Twitter at 5.30pm, September 27.
Earlier that day, Transport and Main Roads Queensland had indicated to iTnews it was against replacing licenses, which it regards as “a highly secure identity document with a range of physical security features to prevent alteration or forgery”.
TMR’s information page is here.
Victoria has posted this information page for affected customers seeking new licenses.
South Australians are advised to visit a Service SA office to get their licence number changed.
At the time of publication, iTnews has become aware that Service NSW is having trouble coping with the volume of traffic from people wanting their driver’s licence re-issued.