VICTORIAN police are investigating a massive identity fraud involving the personal details of thousands of Australians that have been available on a blog site for more than a month.
The data, discovered by The Australian, includes thousands of Visa, Mastercard and American Express numbers, including expiry dates, together with home addresses, phone numbers and email addresses.
The list was posted on a free blogging site, where it was copied by search engine Google as part of its routine cataloguing of internet sites on April 21.
Victoria Police Sergeant Dave Spencer said the list appeared to have been collected from a number of sources before being sold to criminals.
"Lists like this come up for sale on the internet, and this is basically the end product of skimming and hacking of ATMs and other point-of-sale systems," Sergeant Spencer said.
"It's really important for people to check their credit card transactions and report anything suspicious to their banks so we can instigate an inquiry."
When contacted last night, several people whose names appeared on the list said they had no idea their credit card details had been stolen.
A number of the records appeared to have been taken from a holiday accommodation database, with entries such as "Ensuite Villa, 2br" included alongside cardholders' details.
Others were clearly from a courier organisation, including detailed delivery instructions for packages if the cardholder was not at home.
Most of those affected were Australian but the list also included credit card details from people based in New Zealand, Germany and Britain.
By Blair Speedy