A woman has been through cyber hell after her personal data was stolen and used to siphon tens of thousands of dollars in store credit from unsuspecting businesses.
Subscribe now for unlimited access.
or signup to continue reading
Karen Fox's exposure to the lengths that cyber criminals will go began in May 2022, after she received a letter saying that COVID and flood damage payments had been made in her and her husband's name.
"We found out that someone created fake MyGov accounts and claimed stuff fraudulently," Ms Fox said.
After inquiring with Centrelink about how this had occurred, the government agency revealed that someone other than her and her husband had access to a vast trove of personal documents.
"It wasn't just one or two documents, there were quite a few like payment summaries, passports, drivers licences, Medicare cards," she said.
"Just about every ID that we could possibly think of."
The revelation came as a shock to the south coast woman, who describes herself as a cautious person when it comes to her personal information, having been defrauded in her 20s. She was using two-factor authentication before it became widespread and gives out as little personal information as possible.
But, she believes her files were compromised, setting off a two year battle to control her name and identity.
After the initial letters from Centrelink, every few months a different, concerning letter would appear. Hackers were using Ms Fox's details to create accounts at over a dozen businesses and government departments, starting lines of credit with Qantas and Officeworks.
This allowed the hackers to purchase $6000 of items from Officeworks on credit, convert millions of Qantas miles into digital gift cards and make false claims via Medibank, netting the fraudster almost $10,000.
Thankfully, the hackers were not able to access Ms Fox's personal funds, however she estimates the cost of changing her name, applying for new ID documents such as passports and drivers licences and time and income lost from working on her business set her back significantly.
"I worked out it was about an $85,000 loss in revenue to my business, because I wasn't focusing on my business, I was focusing on changing everything, and $50,000 lost income, getting all new documents, all that sort of stuff."
While the lengths Mrs Fox's hackers have gone to may be new, Mrs Fox is not alone in having to deal with data breaches. A report from consumer advocacy group CHOICE published last week found that consumers were left carrying the burden of scams.
"Our research highlights that scam victims are left feeling alone, ashamed and carrying the burden of scams, while the businesses enabling the criminal activities of scammers face virtually no consequences," said CHOICE campaign director, Rosie Thomas.
Cyber scams on the rise
According to the latest report from the National Anti-Scam Centre, reported losses to scammers in Australia declined to $2.74 billion in 2023, however reports of scams were up, with 601,0000 scam reports in 2023.
Minister for Financial Services and Whitlam MP Stephen Jones said there was more work to do to stamp out scammers.
"While the report shows positive early signs, scam losses remain far too high and we urge Australians to remain alert to the threat of scammers and report any suspicious activity," he said when the latest figures were released.
Ms Fox reported what happened to her to police, but acknowledged that police were already under-staffed and under-resourced when it came to preventing cyber crime, as found in a 2021 report by the Australian Institute of Criminology.
Instead, Ms Fox is calling for businesses such as banks, insurers and large retailers to be strict when it comes to people opening new accounts. It's a message echoed by CHOICE, which found in its survey many victims felt action was lacking on the part of large financial institutions.
"Businesses like banks, telcos and social media platforms, who have the technology and resources to detect, prevent and respond to scams, are not moving fast enough to protect and support consumers from the scourge of scams," Ms Thomas said.
CHOICE has called for additional reporting of scams and a requirement for businesses to act on these reports and share data with other businesses, to prevent further scam activity.
However, businesses are dealing with their own cyber breaches and have pushed back on additional reporting requirements. In response to the release of the federal government's Cyber Security Strategy in November 2023, Business Council of Australia chief executive Bran Black said the strategy struck the right balance.
"The focus is rightly on equipping businesses with the tools to protect against cyber threats, not adding paperwork and onerous reporting requirements."
After two years of dealing with various agencies and businesses and having commissioned multiple investigations, Ms Fox is exhausted by the constant distribution of her personal data and just wants it to stop.
"It's stressful, it's traumatic and it's also an invasion."
Connor Pearce
Federal Political Reporter working for The Canberra Times from the parliamentary press gallery. Something to get off your chest? Connor.pearce@austcommunitymedia.com.au
Federal Political Reporter working for The Canberra Times from the parliamentary press gallery. Something to get off your chest? Connor.pearce@austcommunitymedia.com.au
