In September 2022, Optus, a major Australian telecommunications provider, suffered a massive data breach involving unauthorized access to the personal information of approximately **9.5 million Australians**—nearly **40% of the country’s population**. The exposed data included highly sensitive details such as **names, birth dates, addresses, contact information, and government-issued identifiers (passport, Medicare, and driver’s license numbers)**. A portion of the stolen data was later **leaked on the dark web**, increasing risks of identity theft, financial fraud, and phishing attacks. The Australian Information Commissioner (AIC) alleged that Optus **failed to implement reasonable security measures** between **October 2019 and September 2022**, violating the **Privacy Act 1988**. The breach stemmed from an **unsecured API endpoint**, allowing attackers to exploit weak authentication controls. The AIC is pursuing **civil penalties of up to AUD $2.22 million per affected individual**, potentially resulting in one of the largest fines in Australian data protection history. The incident severely damaged Optus’s reputation, triggered regulatory scrutiny, and prompted nationwide calls for stricter cybersecurity laws.
Source: https://natlawreview.com/article/br-privacy-security-download-september-2025
TPRM report: https://www.rankiteo.com/company/optus
"id": "opt18104018092625",
"linkid": "optus",
"type": "Breach",
"date": "6/1988",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'industry': 'Legal / Judicial',
'location': 'United States',
'name': 'U.S. Federal Judiciary',
'type': 'Government'}],
'data_breach': {'data_exfiltration': True,
'sensitivity_of_data': 'High (judicial/legal documents)',
'type_of_data_compromised': ['confidential case documents',
'proprietary information']},
'description': 'The federal judiciary disclosed a cyberattack on its case '
'management system, PACER. While most documents on PACER are '
'public, some filings contain confidential or proprietary '
'information that were targeted by hackers. The federal '
'judiciary announced additional steps to strengthen '
'protections for sensitive case documents, including '
'implementing more rigorous procedures to restrict access to '
'sensitive documents under carefully controlled and monitored '
'circumstances. No details about the timing or frequency of '
'the cyberattack were disclosed.',
'impact': {'brand_reputation_impact': 'Potential reputational harm due to '
'breach of judicial system integrity',
'data_compromised': ['confidential case documents',
'proprietary information'],
'operational_impact': 'Enhanced security measures implemented; '
'stricter access controls for sensitive '
'documents',
'systems_affected': ['PACER (Public Access to Court Electronic '
'Records)']},
'initial_access_broker': {'high_value_targets': ['confidential case '
'documents']},
'investigation_status': 'Ongoing (mitigation measures announced)',
'post_incident_analysis': {'corrective_actions': ['enhanced access controls',
'rigorous document '
'protection procedures']},
'ransomware': {'data_exfiltration': True},
'recommendations': ['Strengthen access controls for sensitive judicial '
'documents',
'Enhance monitoring of PACER system for unauthorized '
'access attempts',
'Implement stricter verification for users accessing '
'confidential filings'],
'references': [{'source': 'The BR Privacy & Security Download (Blank Rome '
'LLP)'}],
'response': {'communication_strategy': ['public announcement of breach and '
'mitigation steps'],
'containment_measures': ['restricted access to sensitive '
'documents'],
'enhanced_monitoring': True,
'incident_response_plan_activated': True,
'remediation_measures': ['implemented more rigorous procedures '
'for document access']},
'title': 'Federal Court Filing System (PACER) Cyberattack',
'type': 'Cyberattack / Data Breach'}