Optus breach occurred due to a coding error, alleges ACMA

ACMA’s proceedings against Optus

On 20 May 2024, ACMA filed proceedings in the Federal Court against Optus alleging that during the data breach between 17 to 20 September 2022, Optus failed to protect the confidentiality of its customers’ personal information from unauthorised interference or unauthorised access as required under the Telecommunications (Interception and Access) Act 1979.

The breach saw the records o 9.5 million former and current Optus customers accessed. Of those, 3.6 million were active mobile subscribers, and is in relation to these customers ACMA seeks penalties for the contraventions.

The cyberattack led to the personally identifiable information of approximately 10,200 Optus customers being published on the dark web. Of Optus active subscribers, more than 3.1 million had their physical address accessed and more than 2.4 million had identity information such as passport, driver’s licence and Medicare numbers accessed.