2022 Optus data breach

In September 2022, Optus, Australia's third-largest telecommunications company, suffered a data breach affecting up to 10 million current and former customers, or over a third of Australia's population. Information illegally obtained included names, birthdates, home addresses, phone numbers, email contacts, and passport and driving licence numbers. Conflicting claims have been made about how the breach happened: Optus presented it as a complicated attack on its systems, while an Optus insider and the Australian government have claimed that it resulted from a human error that caused a vulnerability in the company's API. A ransom notice was posted, asking for A$1,500,000 to stop the data from being sold online. After a few hours, the notice's author deleted it and apologised for their actions.

Optus has received criticism from government figures, including Home Affairs and Cyber Security Minister Clare O'Neil and Minister for Government Services Bill Shorten, for its role in the attack and for being uncooperative with government agencies and the general public. The government has announced legislation, including measures allowing information to be shared with financial services and government agencies and reforms to Australia's security of critical infrastructure laws, to help the government act on future breaches.

In response to the breach, Optus has agreed to pay for the replacement of compromised passports, commissioned an external review, and given highly affected customers a subscription to a credit monitoring service. Optus has also apologised for the breach. Optus has faced criticism from customers for being unresponsive and for providing inadequate responses to those affected. Multiple investigations into the breach and a class-action lawsuit from affected customers are ongoing as of June 2023.

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.