Discussion in 'General Precious Metals Discussion' started by PM, Sep 8, 2018.
13 customers is not a lot, but I'm curious about who the "third-party provider" would be, maybe one of those online AML checking services, given the info stolen.
The official response https://www.perthmint.com/MR-the-perth-mint-experiences-data-breach.aspx
Here’s the email that went out to investors
We are writing to let you know that The Perth Mint has experienced a data breach involving the personal information of 13 Depository Online customers.
At the outset we want to assure you that your Depository Online investment account at The Perth Mint remains secure and has not been affected in any way.
Our forensic investigation to date indicates that the breach occurred as a result of data being taken from information held by a third-party provider.
We are in the process of contacting the 13 clients whose data has been breached and offering them assistance to help prevent their personal information from being misused.
Our investigation is ongoing, and we are working with the external third-party provider to understand how this breach occurred.
We have taken immediate steps to nullify the identified threat and can assure your account and our systems remain secure.
Further information in relation to our response to the data breach is available on our websitewww.perthmint.com/data
If you would like to contact us in relation to this matter please emailour depository team at
I got the email too. Seems odd that it's only 13 people, and who is the third party and why did they have access to customers data?
We know from their annual report they have 35,000 depository customers, so 13 is really small although the article says "Depository Online investors represented only a small group of the Perth Mint's customer base" so it is 13 out of some "small" proportion of 35,000.
More people hit, including myself it seems:
Nothing important, just your bank account, passport and drivers license number, and presumably you name as well
+ address, DOB, enough for identify theft? That wording is very vague, "from an old 2016 database" means everyone who had an account in 2016 has been breached. I note that the email does not give a number of customers affected anymore, probably because it is a big number.
Looks like they got all the personal data of 3200 customers.
its really bad, if my address and another detail is exposed...
this could mean, some one can kidnap my kitty cat and ask me to empty my safe
you can not protect the property from its owner
10% of the depository customer base is does not "represented only a small subset of The Perth Mint's customer base". They say "no threat to any account holdings" but then in the email that "we recommend that you contact your bank ... If you have concerns over the use of your driver’s license and/ or passport numbers, we recommend that you contact the relevant authority to also seek their advice".
I wonder what the going price is for a list of 3200 addresses of people with potentially physical gold at home?
Oh my. 3,200 is a slightly bigger deal than 13.
"We apologise for the fault in the subtitles. Those responsible have been sacked."
Got the letter a few hours back..
Replied to PM and
Wrote to my bank..
I can change my bank account details but not my Identity
Should I be concerned about my passport.. ?
Very strange, what service aren’t I getting that excluded me from this data breach.
In all seriousness, It would be nice to know what partcular service was affected, for people who might no longer use Perth Mint.
Especially since, clients DOB definitely wouldn’t have changed and potentially passport, driver licence, bank and address haven’t changed either.
Yes, I would welcome a bit more information.
They said it was a database from 2016, so presumably if you signed up after that you are weren't affected.
Of course they sold it off !
What makes you think they wouldn't.
From Perth Mint;
"In relation to the what ID information was accessed, only the Passport number and Expiry date were accessed, no other ID document’s details were accessed during the breach."
Separate names with a comma.