Optus

The Optus breach in 2022 involved attackers stealing millions of customer records through an unauthenticated API endpoint. This incident cost the telecom company $140 million AUD in fallout. The vulnerability was easy to exploit, and similar issues are still being found in major organizations.

Source: https://www.bleepingcomputer.com/news/security/free-tool-autoswagger-finds-the-api-flaws-attackers-hope-you-miss/

TPRM report: https://scoringcyber.rankiteo.com/company/optus

"id": "opt748072825",
"linkid": "optus",
"type": "Breach",
"date": "7/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Millions',
                        'industry': 'Telecommunications',
                        'name': 'Optus',
                        'type': 'Telecom Company'}],
 'attack_vector': 'Unauthenticated API Endpoint',
 'data_breach': {'number_of_records_exposed': 'Millions',
                 'type_of_data_compromised': 'Customer records'},
 'description': 'APIs are the backbone of modern applications and one of the '
                'most exposed parts of an organization’s infrastructure, '
                'making them a prime target for attackers. One of the '
                'highest-profile examples was the Optus breach in 2022, where '
                'attackers stole millions of customer records through an '
                'unauthenticated API endpoint, costing the telecom company '
                '$140 million AUD in fallout.',
 'impact': {'data_compromised': 'Millions of customer records',
            'financial_loss': '140 million AUD'},
 'initial_access_broker': {'entry_point': 'Unauthenticated API Endpoint'},
 'post_incident_analysis': {'root_causes': 'Broken Authorization'},
 'references': [{'source': 'Intruder'}],
 'title': 'APIs: Still Easy Targets in 2025',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Broken Authorization'}