Perth Mint hit by data breach involving third-party provider

From Perth Mint:
"In relation to what ID information was accessed, only the Passport number and Expiry date were accessed, no other ID document’s details were accessed during the breach."

@tiddleyetom - I wouldn't sweat that passport info too much. If you travel much overseas consider all the times you have been asked for it at a hotel, etc. Much more likely data breach there IMO.
 
Apparently my personal info was compromised according to an email I received on Monday from the mint.

Is the identity of the third party still a guarded secret?
 
No one has been identified as far as I know.
I am confused as to why this 3rd party's details can't be named? Multiple people have had their details "shared" with god knows who...
It is not just in these circumstances that the individual is not privy to further information, e.g. if your card is compromised at an ATM the bank is not required to, and will not, advise at which particular ATM the breach occurred.
 

Likely because it is an off shore bullion dealer who sells paper for PM but in turn is a large customer of its physical.

Therefore PM is worried for the market.

My logic, “third-party provider” doesn’t have to be an IT company or an accounting firm, it could be a dealer/broker who sells PMt paper service.

Also I say off shore as Australian companies would be in breach of criminal act for not reporting it. Smaller companies are exempt but to provide 3200 customers I doubt it is a local store dealer
 
The third party would not be a bullion dealer as this breach was only for the Mint's direct online service, not the certificate program, and the Mint says it was the whole 2016 database that was accessed, which is not something one of their dealers would have access to.
 
My first thought (given the information held in the database) was that it could be a third party assisting with the KYC process / ID verification.
 
They are now offering a free monitoring service to those affected:

Dear Client

We are writing to you again following the breach of your personal information and would like to again reassure you that your investments remain safe and secure.

As some clients may feel more comfortable taking additional advice and steps to protect their data from any potential misuse, we have engaged a respected cyber-security advisor, at this stage for Australian and New Zealand clients. We continue to investigate options for clients located in other jurisdictions.

IDCARE is Australia’s leading National Identity and Cyber Support experts. They can provide advice to minimise any potential misuse of your information and also a cyber-monitoring credit file protection service to protect clients from the misuse of their identity for the purpose of gaining credit facilities. For information regarding their services, please visit: https://www.idcare.org/

Should you wish to make use of their services, please make direct contact with IDCARE on 1300 432 273 and quote the reference code “”. As an affected client of Perth Mint, you will receive their services for twelve months at no cost to you.

We sincerely regret the unlawful access to your personal information. As always, should you wish to contact the Perth Mint Depository team, please email us at [email protected] or call +61 8 9421 7250
 
My first thought (given the information held in the database) was that it could be a third party assisting with the KYC process / ID verification.

That was my first thought too, but it is a shame we may never know the complete details. If their entire 2016 database was leaked then it could also be an outsourced IT service provider or even another government agency. At least the Perth Mint has been open in acknowledging and notifying people that an incident took place, but I just wish they would state the reason why they are being secretive about the 3rd party, even if they can't give further information.
 
Hi guys,
Does anybody know if everyone that was breached has been notified - my question relates to a break-in that occurred prior and I wonder if that was a result of the data breach. Any help would be appreciated.
 
So I contacted the credit monitoring reporting agency and it turns out that the Perth Mint's offer of 12 months monitoring is not genuine.
All IDCARE are offering is to put a 3 week ban in place with the three credit reporting agencies in Australia, and you are able to extend that, but you have to do that yourself it seems. The credit monitoring service is NOT included.
IDCARE didn't seem happy with the Perth Mint wording about this and the suggestion that you'd get 12 months of credit monitoring, and they have made them aware of that.
 
Perth Mint really needs to hire an expert third party public relations firm.

Like 99.99% of companies, internal marketing or communications people lack the knowledge and are not experts in the potential fallout and reputational damage ID theft could inflict on their Brand and Trust.

Whatever the contractual arrangement limiting Perth Mint disclosing who it is, they must realise by now the Face of this fiasco is Perth Mint.
 
contractual arrangement limiting Perth Mint disclosing who it is, they must realise by now the Face of this fiasco is Perth Mint.

It is standard in many contracts to have non disclosure type stuff, but yes the Mint must be real pissed off that it has to take all the heat while the "third party" gets no negative brand name impact. I am at a loss as to how "we will do a credit block for 3 weeks" from IDCARE turns into "12 months free monitoring" message to Mint clients.
 
According to that video posted they did hire a PR company.

I was presuming the PR firm are not experts in IT data theft, but it could be Perth Mint is not heeding all the advice of the firm.

Experience in handling data theft is not easy to acquire.
 
According to that video posted they did hire a PR company.

This experience has been a positive for me TBH. If they have to hire a PR company, and are vehemently secretive (for whatever legal or other reason), then it reinforces my belief that they are more concerned about image and profit over customers. This is a simple reality, not making a judgement on good or bad, just that it informs my future investment decisions.
 