Australian breach victim's two-year road to recover from identity theft

An Australian data breach victim has detailed two years of misuse of their identity, with relief achieved only by appearing before a magistrate, or registering for services using a parent’s name.

The victim, a client of IDCARE - a service commonly offered to those caught up in Australia’s frequent data breaches - had scans of their Medicare card and NSW driver’s license shared on a Telegram channel.

It is still unclear which entity that had taken copies of the cards had been breached.

IDCARE detailed the repercussions of the breach on the victim, and the barriers they continue to experience to recover for “up to 24 months” after engaging IDCARE.

“Despite a multitude of fraud events committed in their name, including the establishment of transactional bank accounts (even after the client had received a new driver licence card number) this client was not able to get their driver's licence number changed until appearing before a magistrate,” IDCARE wrote. [pdf]

“Beyond the financial strain of addressing the misuse and correcting their identity information, the client explained how they were still, over 24 months after they initially engaged IDCARE, facing challenges in accessing services in their own name. 

“Their phone bill, car loan and even their lease all had to be registered under their parent’s name.”

IDCARE said its analysts had seen Telegram rise in stature as a place to leak stolen data.

“Throughout 2023, 45 percent of the listings detected by IDCARE analysts which pertained to the sale or distribution of compromised Australian identity data were found on Telegram, and over 100 new threat actors were identified via the platform,” the identity theft and cyber support service wrote.

Threat actors also appeared to be emboldened when using the platform, due - IDCARE argued - to Telegram's use of end-to-end encryption on chats.

“As these crimes continue to go on undisturbed, IDCARE has observed a cohort of threat actors on Telegram who place much less emphasis on maintaining their operational security (OPSEC),” it wrote.

“Rather, they appear comfortable with sharing details of their work within a forum of fellow threat actors, readily seeking and receiving support and advice.”