Exclusive: It was a gut-wrenching one-two punch for New South Wales mum Kim Anesbury.
The first blow hit in 2019, after her son Ricky Court had died suddenly, and Optus rejected her desperate attempts to keep his mobile phone number for sentimental reasons.
The second landed last month, when she got two letters in quick succession from Australia’s second-largest mobile provider, both addressed to her dead boy and within days of the third anniversary of his death.
According to the first Optus letter, a combination of Court’s personal information had been exposed in Australia’s biggest corporate cyberattack.
Inside the second envelope, and even more jarring, they confirmed the number of his NSW driver’s licence was exposed, potentially taken by a hacker.
Anesbury was livid.
Three years earlier, she’d made it explicitly clear to Optus that her son was dead.
That was evident because Anesbury was asking that Optus let her keep paying for her son’s account so she might have it transferred into her control.
At the request of Optus, she sent in his death certificate.
That was a sign, Anesbury thought, that things were going to fall in her favour.
But a few days later, Anesbury was left distraught after opening an email from Optus informing her “the number has been moved on”.
“I really wanted to keep that number,” she told 9news.com.au, “so I could hear his voice (mail message) and to keep everything on the phone.”
It felt “really bad” to suddenly get the letters addressed to her boy, she said, especially the one “saying that his licence has been hacked”.
Read Related Also: India: At least 132 dead, many injured after bridge carrying hundreds collapses into river
“I thought, ‘You bloody bastards, sending me mail in Ricky’s name’ and saying that his licence has been exposed,” she said.
“Nearly three years ago I … sent in his death certificate trying to get his number.
“You people should have deleted everything then.”
It worries Anesbury that her son’s personal information and licence number have been exposed, and potentially shared among criminals on the dark web.
Dr Brendan Walker-Munro, a privacy expert with the University of Queensland, said a combination of basic personal information is “precisely” what hackers need to “get the ball rolling for the types of offences that they want to commit”.
When contacted by 9news.com.au, an Optus spokesperson said they were “deeply sorry for this customer’s loss and apologise for any distress our contact may have caused”.
Walker-Munro said current legislation allows companies, like Optus, to hold on to information as long as they can prove a need for it.
Scam text fools drivers into thinking they have missed paying a toll
Under the consumer code, Optus is required to keep billing information for up to six years.
But it is difficult to understand why dead people’s information is being retained, Walker-Munro said.
“How many other people have they done it to?” Anesbury said.
Earlier this month 9news.com.au reported on a Newcastle widower’s dead wife being sent a letter, advising her details had been caught up in the hack.
