Optus.com.au

In September 2022 Optus one of Australias largest telecommunications providers suffered a massive data breach affecting approximately 9.8 million current and former customers. The incident occurred due to an insecure API endpoint that was publicly accessible without authentication which allowed attackers to scrape sensitive customer information. The leaked data included highly sensitive identification documents such as passport numbers and drivers license details for a significant subset of the affected users. This breach led to a major national security discussion in Australia regarding data retention laws and corporate cybersecurity responsibilities.