Optus Data Breach

9.8M records exposed • September 2022

Australia's second-biggest phone company left a door wide open on the internet. Hackers walked through and stole data on almost 10 million Australians, including passport numbers.

What Happened

Optus, Australia's second-largest telecom, suffered a massive breach when an unauthenticated API was exploited. Nearly 10 million Australians were affected.

Attack method: Exposed API endpoint

What Data Was Exposed

Names, dates of birth, phone numbers, email addresses, addresses, ID document numbers, driver license numbers, passport numbers

What to Do If You're Affected

  1. Replace affected ID documents
  2. Enable credit monitoring
  3. Monitor for identity fraud

Lessons for Businesses

  • APIs must require authentication
  • Storing ID document numbers creates massive liability
  • Regulatory consequences can be severe
