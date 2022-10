On September 22, the telecommunications company Optus revealed that details of up to 9.8 million customers had been stolen from their database. Dating back to 2017, these include names, birthdates, phone numbers, email addresses and, in a number of cases, addresses, passport number or driver’s licenses.

To date, the company remains unclear about the precise details of the data lost in the hack. As minister for government services and NDIS Bill Shorten put it, “Services Australia has been working around the clock to help protect customers, but we need Optus to help us help Australians.”

Optus claims that the breach arose from a “sophisticated cyberattack”. The assessment is not tenable, given the ease with which an application programming interface (API) was linked to an Optus customer database. In basic terms, an API permits the transfer of data. Left exposed, any enterprising individual can find their way into otherwise inaccessible systems.