Perth Mint hit by data breach involving third-party provider

Discussion in 'General Precious Metals Discussion' started by PM, Sep 8, 2018.

  1. tongkat

    tongkat Active Member Silver Stacker

    Joined:
    Apr 8, 2018
    Messages:
    184
    Likes Received:
    79
    Trophy Points:
    28
    Location:
    Northern Rivers, NSW
    @tiddleyetom - I wouldn't sweat that passport info too much. If you travel much overseas consider all the times you have been asked for it at a hotel, etc. Much more likely data breach there IMO.
     
  2. SpacePete

    SpacePete Well-Known Member Silver Stacker

    Joined:
    Mar 1, 2014
    Messages:
    12,967
    Likes Received:
    46
    Trophy Points:
    48
    Apparently my personal info was compromised according to an email I received on Monday from the mint.

    Is the identity of the third party still a guarded secret?
     
  3. SpacePete

    SpacePete Well-Known Member Silver Stacker

    Joined:
    Mar 1, 2014
    Messages:
    12,967
    Likes Received:
    46
    Trophy Points:
    48
    I saw a rant on YouTube on the breach. This guy is not happy:

     
  4. tongkat

    tongkat Active Member Silver Stacker

    Joined:
    Apr 8, 2018
    Messages:
    184
    Likes Received:
    79
    Trophy Points:
    28
    Location:
    Northern Rivers, NSW
    No one has been identified as far as I know.
     
  5. oziwassabi

    oziwassabi Active Member Silver Stacker

    Joined:
    Apr 26, 2010
    Messages:
    242
    Likes Received:
    128
    Trophy Points:
    43
    Location:
    over here
    I am confused as to why this 3rd parties details cant be named? Multiple people have had their details "shared" with god knows who...
    It is not just in these circumstances that the individual is not privy to further information, for eg if your card is compromised at an ATM the bank is not required and will not advise which particular ATM the breach occurred. .
     
  6. Ipv6Ready

    Ipv6Ready Well-Known Member Silver Stacker

    Joined:
    Jan 8, 2016
    Messages:
    3,621
    Likes Received:
    606
    Trophy Points:
    113
    Location:
    North Sydney
    Likely because it is an off shore bullion dealer who sells paper for PM but in turn is a large customer of its physical.

    Therefore PM is worried for the market.

    My logic, “third-party provider” doesn’t have to be an IT company or an accounting firm, it could be a dealer/broker who sells PMt paper service.

    Also I say off shore as Australian companies would be in breach of criminal act for not reporting it. Smaller companies are exempt but to provide 3200 customers I doubt it is a local store dealer
     
  7. bron.suchecki

    bron.suchecki Well-Known Member

    Joined:
    Feb 12, 2016
    Messages:
    212
    Likes Received:
    265
    Trophy Points:
    63
    Location:
    Perth
    The third party would not be a bullion dealer as this breach was only for the Mint's direct online service, not the certificate program, and the Mint says it was the whole 2016 database that was accessed, which is not something one of their dealers would have access to.
     
    ozcopper and Ipv6Ready like this.
  8. Bullion Baron

    Bullion Baron Well-Known Member Silver Stacker

    Joined:
    Sep 15, 2009
    Messages:
    2,508
    Likes Received:
    140
    Trophy Points:
    83
    Location:
    Adelaide
    My first thought (given the information held in the database) was that it could be a third party assisting with the KYC process / ID verification.
     
  9. SilverDJ

    SilverDJ Well-Known Member

    Joined:
    Nov 1, 2014
    Messages:
    3,659
    Likes Received:
    797
    Trophy Points:
    113
    Location:
    Australia
    He links to a followup video. Seems the Perth Mint have shut down comments.

     
  10. SilverDJ

    SilverDJ Well-Known Member

    Joined:
    Nov 1, 2014
    Messages:
    3,659
    Likes Received:
    797
    Trophy Points:
    113
    Location:
    Australia
    They are now offering a free monitoring service to those affected:

     
  11. SpacePete

    SpacePete Well-Known Member Silver Stacker

    Joined:
    Mar 1, 2014
    Messages:
    12,967
    Likes Received:
    46
    Trophy Points:
    48
    That was my first thought too, but it is a shame we may never know the complete details. If their entire 2016 database was leaked then it could also be an outsourced IT service provider or even another government agency. At least the Perth Mint has been open in acknowledging and notifying people that an incident took place, but I just wish they would state the reason why they are being secretive about the 3rd party, even if they can't give further information.
     
  12. 804aa

    804aa New Member

    Joined:
    Sep 26, 2018
    Messages:
    1
    Likes Received:
    1
    Trophy Points:
    3
    Hi guys,
    Does any body know if everyone that was breached have been notified - my question relate to a break-in that occurred prior and I wonder to know if that was a result from the data breach. Any help would be appreciated.
     
    ozcopper likes this.
  13. SilverDJ

    SilverDJ Well-Known Member

    Joined:
    Nov 1, 2014
    Messages:
    3,659
    Likes Received:
    797
    Trophy Points:
    113
    Location:
    Australia

    So I contacted the credit monitoring reporting agency and it turns out that the Perth Mint's offer of 12 months monitoring is not genuine.
    All IDCARE are offering is to put a 3 week ban in place with the three credit reporting agencies in Australia, and you are able to extend that, but you have to do that yourself it seems. The credit monitoring service is NOT included.
    IDCARE didn't seem happy with the Perth Mint wording about this and the suggestion that you'd get 12 months of credit monitoring, and they have made them aware of that.
     
    jultorsk and bron.suchecki like this.
  14. Ipv6Ready

    Ipv6Ready Well-Known Member Silver Stacker

    Joined:
    Jan 8, 2016
    Messages:
    3,621
    Likes Received:
    606
    Trophy Points:
    113
    Location:
    North Sydney
    Perth Mint really needs to hire expert third party public relations firm.

    Like 99.99% of companies, internal marketing or communications people lack the knowledge nor are experts in the potential fall out and reputational damage ID theft could inflict on their Brand and Trust.

    What ever the contractual arrangement limiting Perth Mint disclosing who it is, they must realise by now the Face of this fiasco is Perth Mint.
     
  15. SilverDJ

    SilverDJ Well-Known Member

    Joined:
    Nov 1, 2014
    Messages:
    3,659
    Likes Received:
    797
    Trophy Points:
    113
    Location:
    Australia
    According to that video posted they did hire a PR company.
     
    Ipv6Ready likes this.
  16. bron.suchecki

    bron.suchecki Well-Known Member

    Joined:
    Feb 12, 2016
    Messages:
    212
    Likes Received:
    265
    Trophy Points:
    63
    Location:
    Perth
    It is standard in many contracts to have non disclosure type stuff, but yes the Mint must be real pissed off that it has to take all the heat while the "third party" gets no negative brand name impact. I am at a loss as to how "we will do a credit block for 3 weeks" from IDCARE turns into "12 months free monitoring" message to Mint clients.
     
    jultorsk and Ipv6Ready like this.
  17. Ipv6Ready

    Ipv6Ready Well-Known Member Silver Stacker

    Joined:
    Jan 8, 2016
    Messages:
    3,621
    Likes Received:
    606
    Trophy Points:
    113
    Location:
    North Sydney
    I was presuming the PR firm are not experts in IT data theft, but it could be Perth Mint is not heeding all the advice of the firm.

    Experience in handling data theft is not easy to acquire.
     
  18. SilverDJ

    SilverDJ Well-Known Member

    Joined:
    Nov 1, 2014
    Messages:
    3,659
    Likes Received:
    797
    Trophy Points:
    113
    Location:
    Australia
    It doesn't, and IDCARE are not happy with the wording the PM used, as they are copping some flack.
     
  19. SpacePete

    SpacePete Well-Known Member Silver Stacker

    Joined:
    Mar 1, 2014
    Messages:
    12,967
    Likes Received:
    46
    Trophy Points:
    48
    This experience has been a positive for me TBH. If they have to hire a PR company, and are vehemently secretive (for whatever legal or other reason), then it reinforces my belief that they are more concerned about image and profit over customers. This is a simple reality, not making a judgement on good or bad, just that it informs my future investment decisions.
     

Share This Page