Yes. The Optus breach occurred on September 22, 2022, affecting 9.8 million records.

What data was exposed in the Optus breach?

The 2022 Optus breach exposed personal data of 9.8 million Australian customers including passport and license numbers.

What should I do if I was affected by the Optus data breach?

Check if your data was exposed using our free tool, change your passwords, enable two-factor authentication, and monitor your accounts for suspicious activity.

Optus Data Breach

Critical Severity 9.8 million records affected Published February 10, 2026

Company	Optus
Breach Date	September 22, 2022
Disclosure Date	September 22, 2022
Records Affected	9.8 million

In September 2022, Australian telecommunications company Optus suffered a major data breach affecting up to 9.8 million customers, nearly 40% of Australia's population. The breach exposed highly sensitive identity documents and prompted significant regulatory and legal action.

What Happened

On September 22, 2022, Optus disclosed that an attacker had accessed customer data through an unauthenticated API endpoint that was publicly accessible on the internet. The API did not require authentication, meaning anyone who discovered it could query customer records. The attacker accessed records dating back to 2017. A user on a hacking forum initially demanded $1 million ransom and leaked 10,000 records as proof before withdrawing the extortion attempt, claiming the dataset had been deleted. Optus faced severe criticism for the security lapse and Australian regulators launched investigations. The breach led to legislative changes in Australia around data retention and breach notification.

What Data Was Exposed

Full names
Dates of birth
Phone numbers
Email addresses
Home addresses
Passport numbers
Driver's license numbers
Medicare ID numbers

Who Is Affected

Up to 9.8 million current and former Optus customers in Australia were affected. Approximately 2.8 million had highly sensitive identity document numbers (passport, driver's license, Medicare) exposed. Anyone who was an Optus customer since 2017 may have been impacted.

How to Check If You Were Affected

Optus contacted affected customers directly via email, SMS, and mail. If you were an Optus customer, you can contact Optus customer service or visit optus.com.au for breach-related information. Check HaveIBeenPwned.com to see if your email is in the dataset. Australian citizens can also check with IDCARE (idcare.org) for identity theft support.

What You Should Do Now

Replace compromised identity documents (passport, driver's license)
Take advantage of the Australian government's document replacement program
Place a ban on your credit file with Australian credit bureaus (Equifax, Experian, illion)
Monitor for identity theft and unauthorized account creation
Be alert for scams referencing the Optus breach
Report any suspicious activity to Scamwatch and your bank
Consider a credit monitoring service

Last updated: February 10, 2026