I never thought much about my identity until someone tried to steal it. The only indication I had that we had been robbed was a call from the Commonwealth Bank’s fraud department. Apparently, my card had been used on several payWave transactions at fuel stations along Racecourse Road in Flemington. As I looked online, I saw that close to $900 had been spent.
Even after the call, it took an embarrassing amount of time to realise we had been burgled. My wallet was gone as well as my keys, a packet of cigarettes and a computer screen. After the police arrived, we also realised my then boyfriend’s car had been stolen.
It was sobering to see police in our home. There were three of them and their boots were big and thumped on the floorboards. Suddenly, my furniture looked too small, ridiculous even. I wondered what the robbers had thought. Apart from the car and my wallet, the thieves hadn’t really taken much. I had lost my wallet plenty of times and didn’t think much of it. I would come to regret that.
In cases of identity theft, a driver’s licence is considered the “golden ticket”. It has all the information one could need to gain access to a wide variety of accounts. A full name, date of birth, address and photograph. This information can be used to take out credit as well as to run credit checks to find out who you bank with.
Four months later, the difficulty began. It had been a long winter and we were now in August. I was working from home and microwaving my lunch when I received an email from my bank – a different bank from the payWave fraud – informing me my contact details had been updated. Surprised by my own vigilance I called the bank. While I was on hold, I logged into my account on a computer.
As an upbeat tune played down the phone, I could see my details changing. An unfamiliar phone number and email now floated on the screen before my eyes. Still on hold, I attempted to reset my password, but the verification required a phone number. The music stopped and I told the representative my account had been compromised. The bank changed my details back to the correct ones, launched an in-house fraud investigation and told me they’d be in touch.
The next day – another dreary one in the midst of lockdown – a representative from the bank called and told me someone had phoned four times and impersonated me with the correct identification details. Weird, I thought: I had assumed the incident was some sort of routine digital hacking but this seemed more targeted.
Because there is a Commonwealth Bank branch near where I live, I decided to go in and talk to them. After showing my driver’s licence I told the teller I’d had issues with a different banking company, and could they please check my account for any access or withdrawal attempts. The teller smiled at me, her thin blonde hair just covering her face. “No, it looks all good to me” I recall her saying. “Oh… wait, unless you tried to empty your account yesterday afternoon at Point Cook.”
I looked at the teller. We were in the middle of lockdown, with a five-kilometre radius and curfew. I had just explained to her that other accounts of mine had been compromised. “No, that wasn’t me,” I said. “Do you have any more information, please?”
According to the record, someone with my driver’s licence had requested to withdraw my entire account. According to the teller, the only reason the money wasn’t handed over is because my licence had expired. I thought back to March. At the time, I had tried to renew my licence but we were in lockdown. A month later, when my wallet was stolen in the burglary, it was my expired licence that had been taken. After hearing that someone was trying to impersonate me to access my bank account, I asked the bank to freeze it. I went straight home and started Googling “identity theft”.
I found the website idcare.org, which was probably the most helpful resource I came across. I submitted a web request that someone call me. In the meantime, I ran credit checks on myself. From that I found out that someone had opened a Car Next Door account in my name and taken out credit with a fast, online credit agency. I was alarmed and realised that other accounts might have been compromised, too.
I called Medicare. My account had been hacked and a new card ordered to my current address. I called VicRoads. A new licence had already been ordered. I began to get very worried. If cards were being ordered to my address, did that mean my house was being monitored? Were people planning to steal my mail? I went into an Australia Post branch and applied to have my mail rerouted for three months. It cost $68.
At this stage, while I understood that the point of the crime was to extract capital, I began to feel mad, targeted and violated. Every time I called a company or government agency I had an account with, I was on the phone for hours. Each time I felt no one really understood the gravity of how their company had neglected to protect my account. Even though I had called VicRoads and reported the fraud, I found out that someone had called later that day and ordered a new licence and that VicRoads had proceeded with the order. The only reason it wasn’t sent was that I called them again to double-check.
In the next few days there were several more in-person attempts to access my Commonwealth Bank account. I called the police who had handled the original burglary but the officer had moved precincts and never got back to me. The fraud attempts continued and I began to feel I was living in a perpetual bad dream. I couldn’t access my money because my accounts were frozen. I applied for a new Medicare number, but the perpetrator discovered that number, too. I began to be afraid the inevitable would happen – and they would finally obtain more identity documents.
I ordered shutters for my house and always kept an eye on cars parked in my street. I felt deeply uncomfortable out in the world and grew suspicious that people were looking at me. What little trust I had held in government agencies eroded completely. No one seemed to be able to help me. The onus was always on me to figure out if fraud had occurred.
I applied to have my driver’s licence numbers changed. I learnt this process was arduous. Not only did I need to prove the fraud with a police letter but I had to send the documents by mail. Apparently, the process took a minimum of one month. Getting the police report was difficult enough; the crime was considered “separate” from the aggravated burglary and I needed a new police report. No police ever helped me, called me back or seemed to care.
During the wait for a new licence number, I became used to seeing my identity whittled down to a series of numbers and past addresses. I grew uncomfortable with information that was searchable online. I felt seen in all the wrong ways. I changed my electricity account, my gas account, my water account, my phone number. I set up direct debits all while still unable to access any money. I borrowed money and felt lucky to be able to do so.
Every second day or so the perpetrator attempted again to enter my accounts, online, in person and on the phone. I shut down my trading account. I added verbal passwords to my superannuation account. I felt enraged that I needed to protect what little money I had with extremely long phone calls, convoluted passwords and conversations that never seemed to go anywhere. I began to see how the perpetrator worked. They used a combination of information extracted online, with the human factor of calling up and showing up.
Eventually I received a letter from VicRoads telling me I was eligible for a new licence number. I went to my branch and had a new photo taken. In the photo my skin is pale and sickly. I have dark shadows around my eyes and my lips are pursed in a grimace. My hair looks dry and limp. While I was waiting, I overheard an elderly lady express her exasperation and distress at having her life savings taken from her through fraud.
I went to the doctor and discovered my Medicare details had been changed again. I changed them back and ordered another new number. I changed the address on all my accounts to my then boyfriend’s parents’ address. It was the only one I could think of the perpetrator didn’t know. They still get my mail.
In the depths of my anguish and frustration, I considered legally changing my name. At the time it felt like the only way I could truly secure my identity again. I didn’t, but I did wonder about what makes an identity and what makes one worthy of taking. Eventually, without explanation, the fraud stopped.
Then, last Tuesday, I received an email from Optus. My name, date of birth, email and phone number had been leaked in their cyberattack.
This article was first published in the print edition of The Saturday Paper on October 8, 2022 as "Losing my identity".
For almost a decade, The Saturday Paper has published Australia’s leading writers and thinkers. We have pursued stories that are ignored elsewhere, covering them with sensitivity and depth. We have done this on refugee policy, on government integrity, on robo-debt, on aged care, on climate change, on the pandemic.
All our journalism is fiercely independent. It relies on the support of readers. By subscribing to The Saturday Paper, you are ensuring that we can continue to produce essential, issue-defining coverage, to dig out stories that take time, to doggedly hold to account politicians and the political class.
There are very few titles that have the freedom and the space to produce journalism like this. In a country with a concentration of media ownership unlike anything else in the world, it is vitally important. Your subscription helps make it possible.
Select your digital subscription