Perth Mint hit by data breach involving third-party provider

Discussion in 'General Precious Metals Discussion' started by PM, Sep 8, 2018.

  1. PM

    PM Active Member Silver Stacker

    Joined:
    Sep 7, 2013
    Messages:
    400
    Likes Received:
    135
    Trophy Points:
    43
    Location:
    Australia
  2. bron.suchecki

    bron.suchecki Well-Known Member

    Joined:
    Feb 12, 2016
    Messages:
    253
    Likes Received:
    379
    Trophy Points:
    63
    Location:
    Perth
    13 customers is not a lot, but I'm curious about who the "third-party provider" would be, maybe one of those online AML checking services, given the info stolen.
     
  3. bron.suchecki

    bron.suchecki Well-Known Member

    Joined:
    Feb 12, 2016
    Messages:
    253
    Likes Received:
    379
    Trophy Points:
    63
    Location:
    Perth
  4. tongkat

    tongkat Active Member Silver Stacker

    Joined:
    Apr 8, 2018
    Messages:
    326
    Likes Received:
    175
    Trophy Points:
    43
    Location:
    SE Queensland, Australia
    Here’s the email that went out to investors

    Dear Customer,


    We are writing to let you know that The Perth Mint has experienced a data breach involving the personal information of 13 Depository Online customers.


    At the outset we want to assure you that your Depository Online investment account at The Perth Mint remains secure and has not been affected in any way.


    Our forensic investigation to date indicates that the breach occurred as a result of data being taken from information held by a third-party provider.



    We are in the process of contacting the 13 clients whose data has been breached and offering them assistance to help prevent their personal information from being misused.


    Our investigation is ongoing, and we are working with the external third-party provider to understand how this breach occurred.



    We have taken immediate steps to nullify the identified threat and can assure your account and our systems remain secure.



    Further information in relation to our response to the data breach is available on our websitewww.perthmint.com/data



    If you would like to contact us in relation to this matter please emailour depository team at
     
  5. SilverDJ

    SilverDJ Well-Known Member

    Joined:
    Nov 1, 2014
    Messages:
    4,128
    Likes Received:
    1,370
    Trophy Points:
    113
    Location:
    Australia
    I got the email too. Seems odd that it's only 13 people, and who is the third party and why did they have access to customers data?
     
  6. bron.suchecki

    bron.suchecki Well-Known Member

    Joined:
    Feb 12, 2016
    Messages:
    253
    Likes Received:
    379
    Trophy Points:
    63
    Location:
    Perth
    We know from their annual report they have 35,000 depository customers, so 13 is really small although the article says "Depository Online investors represented only a small group of the Perth Mint's customer base" so it is 13 out of some "small" proportion of 35,000.
     
  7. SilverDJ

    SilverDJ Well-Known Member

    Joined:
    Nov 1, 2014
    Messages:
    4,128
    Likes Received:
    1,370
    Trophy Points:
    113
    Location:
    Australia
    More people hit, including myself it seems:

    Nothing important, just your bank account, passport and drivers license number, and presumably you name as well :rolleyes:
     
    Last edited: Sep 17, 2018
    tiddleyetom likes this.
  8. SilverDJ

    SilverDJ Well-Known Member

    Joined:
    Nov 1, 2014
    Messages:
    4,128
    Likes Received:
    1,370
    Trophy Points:
    113
    Location:
    Australia
  9. bron.suchecki

    bron.suchecki Well-Known Member

    Joined:
    Feb 12, 2016
    Messages:
    253
    Likes Received:
    379
    Trophy Points:
    63
    Location:
    Perth
    + address, DOB, enough for identify theft? That wording is very vague, "from an old 2016 database" means everyone who had an account in 2016 has been breached. I note that the email does not give a number of customers affected anymore, probably because it is a big number.
     
    Ipv6Ready, tiddleyetom and Shaddam IV like this.
  10. SilverDJ

    SilverDJ Well-Known Member

    Joined:
    Nov 1, 2014
    Messages:
    4,128
    Likes Received:
    1,370
    Trophy Points:
    113
    Location:
    Australia
    Looks like they got all the personal data of 3200 customers.

    https://www.perthmint.com/mr-tpm-confirms-more-customers-in-data-breach.aspx

     
    tiddleyetom likes this.
  11. alor

    alor Well-Known Member Silver Stacker

    Joined:
    Jun 16, 2011
    Messages:
    10,870
    Likes Received:
    2,882
    Trophy Points:
    113
    Location:
    Pulau Alor ;)
    its really bad, if my address and another detail is exposed...
    this could mean, some one can kidnap my kitty cat and ask me to empty my safe
    you can not protect the property from its owner
     
  12. bron.suchecki

    bron.suchecki Well-Known Member

    Joined:
    Feb 12, 2016
    Messages:
    253
    Likes Received:
    379
    Trophy Points:
    63
    Location:
    Perth
    10% of the depository customer base is does not "represented only a small subset of The Perth Mint's customer base". They say "no threat to any account holdings" but then in the email that "we recommend that you contact your bank ... If you have concerns over the use of your driver’s license and/ or passport numbers, we recommend that you contact the relevant authority to also seek their advice".

    I wonder what the going price is for a list of 3200 addresses of people with potentially physical gold at home?
     
    tiddleyetom and ozcopper like this.
  13. pmbug

    pmbug Active Member

    Joined:
    Oct 22, 2011
    Messages:
    313
    Likes Received:
    72
    Trophy Points:
    28
    Location:
    Texas
    Oh my. 3,200 is a slightly bigger deal than 13.

    "We apologise for the fault in the subtitles. Those responsible have been sacked."
     
  14. tiddleyetom

    tiddleyetom Member

    Joined:
    Nov 24, 2012
    Messages:
    143
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Kiwi in Denmark
    Got the letter a few hours back..
    Replied to PM and
    Wrote to my bank..
    I can change my bank account details but not my Identity
    Should I be concerned about my passport.. ?
     
    JOHNLGALT likes this.
  15. Ipv6Ready

    Ipv6Ready Well-Known Member Silver Stacker

    Joined:
    Jan 8, 2016
    Messages:
    4,293
    Likes Received:
    1,149
    Trophy Points:
    113
    Location:
    North Sydney
    Very strange, what service aren’t I getting that excluded me from this data breach.

    In all seriousness, It would be nice to know what partcular service was affected, for people who might no longer use Perth Mint.

    Especially since, clients DOB definitely wouldn’t have changed and potentially passport, driver licence, bank and address haven’t changed either.
     
    oziwassabi likes this.
  16. tongkat

    tongkat Active Member Silver Stacker

    Joined:
    Apr 8, 2018
    Messages:
    326
    Likes Received:
    175
    Trophy Points:
    43
    Location:
    SE Queensland, Australia
    Yes, I would welcome a bit more information.
     
  17. SilverDJ

    SilverDJ Well-Known Member

    Joined:
    Nov 1, 2014
    Messages:
    4,128
    Likes Received:
    1,370
    Trophy Points:
    113
    Location:
    Australia
    They said it was a database from 2016, so presumably if you signed up after that you are weren't affected.
     
    Ipv6Ready likes this.
  18. raven

    raven Well-Known Member Silver Stacker

    Joined:
    Apr 27, 2014
    Messages:
    1,537
    Likes Received:
    291
    Trophy Points:
    83
    Location:
    Victoria
    Of course they sold it off !
    What makes you think they wouldn't.
    :)
     
  19. JOHNLGALT

    JOHNLGALT Well-Known Member

    Joined:
    Apr 3, 2017
    Messages:
    2,822
    Likes Received:
    953
    Trophy Points:
    113
    Location:
    Country Victoria Australia
    YES.
    YES.jpg
     
    tiddleyetom likes this.
  20. tiddleyetom

    tiddleyetom Member

    Joined:
    Nov 24, 2012
    Messages:
    143
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Kiwi in Denmark
    From Perth Mint;
    "In relation to the what ID information was accessed, only the Passport number and Expiry date were accessed, no other ID document’s details were accessed during the breach."
     

Share This Page