In The Event Of
O

Optus Data Breach 2022:
What You Need to Know

Approximately 9.8 million Optus customer records were exposed after an unauthenticated API endpoint was left accessible to the internet. Here is what happened, what data was leaked, and steps you can take to protect yourself.

Breach date:September 2022
Records affected:~9.8 million
Risk level:High

Your personal risk from this breach

Sign in or create a free account to see your personalised risk score.

View My Risk

What Happened

How the Optus Breach Unfolded

20 September 2022

Optus detected suspicious network activity and shut down the attack. The breach exploited an unauthenticated API endpoint that had been exposed to the internet, allowing the attacker to query customer records without authentication.

22 September 2022

Optus publicly disclosed the breach, confirming that up to 9.8 million current and former customer records may have been accessed. The company notified the Australian Federal Police, the OAIC, and the Australian Cyber Security Centre (ACSC).

23 September 2022

An individual using the handle “optusdata” posted a sample of 10,000 stolen records on BreachForums alongside a $1M USD ransom demand. The following day, the attacker released a further 10,000 records, then abruptly deleted the posts, claiming the data had been destroyed.

28 September 2022

The Australian Government fast-tracked changes to telecommunications regulations, allowing Optus to share affected customer details directly with financial institutions to help prevent identity fraud.

Sources: ABC News (Sep 2022), ABC News (Oct 2022)

What Was Exposed

Personal Data Leaked in the Breach

The Optus breach was particularly severe because it included government-issued identity documents. Approximately 9.8 million current and former customers had personal details exposed, with millions also having driver licence, passport, or Medicare numbers compromised.

Data TypeRisk LevelWho Was Affected
Full nameHighAll approximately 9.8 million affected customers
Date of birthHighAll approximately 9.8 million affected customers
Email addressHighAll approximately 9.8 million affected customers
Phone numberHighAll approximately 9.8 million affected customers
Home addressHighAll approximately 9.8 million affected customers
Driver licence numberHighApproximately 7.7 million customers
Passport numberHighApproximately 2.1 million customers
Medicare numberHighSubset of affected customers

Risk levels based on the Australian Government's PSPF and OAIC Australian Privacy Principles. Identity-linked data (name, date of birth, address) and government-issued document numbers are rated highest due to their potential use in identity fraud.

Confirmed NOT Exposed

Optus confirmed that no payment or credit card details, passwords, or account PINs were compromised in the breach.

Company Response

What Optus Did

“I'm very sorry and understand the concern. We worked as hard as we could to prevent this.”
Kelly Bayer Rosmarin, former Optus CEO

Actions Taken by Optus

  • Immediately shut down the affected API endpoint
  • Notified the AFP, OAIC, and ACSC
  • Offered affected customers free Equifax credit monitoring for 12 months
  • Commissioned an independent external review by Deloitte
  • CEO Kelly Bayer Rosmarin resigned in November 2023
OAIC Breach ReportsABC News Coverage

What Now?

Steps You Can Take After the Optus Breach

The Optus breach is particularly concerning because it exposed government-issued identity documents. The combination of name date of birth address driver licence and passport number gives attackers the building blocks for identity fraud. Here are general best-practice steps, organised by the types of accounts most commonly affected.

Optus and Telco Accounts

Your telco account details were exposed. Other telco and utility accounts may use the same credentials.

Secure your Optus account

~5 min
It is generally considered best practice to update the password on any Optus account associated with exposed data. Enabling MFA where available adds a significant layer of protection. Consider reviewing recent account activity for any unauthorised changes or SIM swaps.
Go to Optus My Account

Review other telco and utility accounts

Where the same email address or password has been used across multiple telco, energy, or utility accounts, consider updating credentials on those accounts as well. Credential reuse remains one of the most common ways a single breach leads to broader exposure.

Email and Digital Identity

Your email is the key to your digital identity. Securing it is a sensible first step.

Strengthen email security

~5 min
Updating the password and enabling MFA on email accounts associated with the breach is widely recommended. It is also worth checking email forwarding rules and connected app permissions, as these can be exploited to silently intercept communications.

Understand your full account exposure

Most people have dozens of online accounts linked to a single email address. When that email is exposed in a breach, understanding which services are connected is a critical first step in assessing personal risk. Tools that map your digital footprint can help identify accounts that may need attention.

Identity Document Protection

Government-issued identity documents were exposed. Replacing documents and placing credit bans is strongly recommended.

Replace exposed identity documents

~30 min per document
For those whose driver licence number or passport number was included in the exposed data, replacing these documents is one of the most effective steps to reduce ongoing identity fraud risk. State and territory governments offered expedited and fee-waived licence replacements following the breach. Passport holders can apply through the Australian Passport Office.
Australian Passport Office

Consider a credit ban (particularly important given identity documents were exposed)

~20 min
The combination of name date of birth address and driver licence number provides sufficient detail for fraudulent credit applications. Placing a free credit ban with Australian credit bureaus prevents new credit from being opened without additional verification. This is considered especially important for this breach given the extent of identity document exposure.
Equifax AUExperian AU (formerly Illion)

Set a SIM lock or port-out PIN

~10 min
Where phone number was part of the exposed data, contacting the relevant mobile carrier to set a port-out PIN is a practical safeguard. SIM-swap fraud can be used to intercept verification codes and bypass MFA on other accounts. This is particularly relevant for Optus customers whose phone numbers were directly exposed.
Optus security settings

Monitoring and Reporting

Australian resources for breach response and identity protection.

Stay alert for targeted phishing

Exposed name email phone number and date of birth may be used to craft highly convincing phishing messages. Treat any unsolicited contact referencing Optus account details with caution, and verify directly through official Optus channels. Be particularly wary of communications claiming to offer breach remediation or account recovery, as these are common social engineering tactics following major breaches.

Contact IDCare or report to Scamwatch

IDCare (1800 595 160) is Australia's national identity and cyber support service and provides free, tailored guidance for people affected by data breaches. Reporting to Scamwatch contributes to broader awareness and helps authorities track emerging threats.

Not sure which of your accounts are affected?

In The Event Of discovers your accounts automatically and alerts you in real time when new breaches affect your data.

Check My Email Free

Are You Still at Risk?

The Hidden Danger: Compound Breach Exposure

The Optus breach did not happen in isolation. If your data also appeared in other major Australian breaches, the combination of leaked information can build a more complete identity profile.

How breach data compounds

On its own, the Optus breach exposed names, dates of birth, addresses, and government-issued identity documents. If your email also appeared in the Medibank or Latitude Financial breaches, the combined data set may include health records, financial details, and additional identity documents. This kind of compound exposure significantly increases the risk of identity fraud.

  • Optus (2022)9.8M records - passport, licence, Medicare numbers
  • Medibank (2022)9.7M records - health claims, Medicare details
  • Latitude Financial (2023)14M records - driver's licence, passport numbers
  • Qantas (2025)5.7M records - name, date of birth, phone, email

If your email appears in two or more of these breaches, your risk level is significantly elevated. In The Event Of can overlay your breach data to show exactly where your exposure compounds, and help you prioritise what to address first.

Were you affected?

Find out in 30 seconds. Free to check.

Check My Email Free

No credit card required.

Frequently Asked Questions

Optus Breach FAQ

Sources

  1. ABC News: "Optus data breach: What we know so far about what happened" (Sep 2022)
  2. ABC News: "Optus data breach: what we know so far" (Oct 2022)
  3. OAIC: Notifiable Data Breaches Report (Jul-Dec 2022)
  4. Australian Government: Protective Security Policy Framework (PSPF)
  5. OAIC: Australian Privacy Principles

Other Major Australian Data Breaches

Data from multiple breaches can be combined to increase identity fraud risk. Review these guides to understand your full exposure.

Qantas Data Breach 2025

5.7M records exposed

High

Medibank Data Breach 2022

9.7M records exposed

Critical

Latitude Financial Data Breach 2023

14M records exposed

Critical

MyDeal (Woolworths) Data Breach 2022

2.2M records exposed

High
View all breach guides →

Disclaimer: This guide is provided for general informational purposes only and does not constitute legal, financial, or professional advice. The information is based on publicly available sources at the time of writing and may not reflect the most current developments. In The Event Of Pty Ltd (ABN 38 687 352 647) is not affiliated with Optus (a subsidiary of Singapore Telecommunications Limited). If you believe you have been affected by this data breach, we recommend contacting the relevant authorities and seeking professional guidance specific to your circumstances.