Optus Privacy Breach Affects 51,000 Customers
Severity: Medium (Score: 54.6)
Sources: www.mauriceblackburn.com.au, Itnews.Au
Keywords: optus, breach, oaic, customers, privacy, data, marathon
Severity indicators: breach, data breach, rat
Summary
Optus has been found to have breached the privacy of 51,000 customers by mistakenly publishing their unlisted phone numbers in the White Pages directory. This breach, which occurred between 2015 and 2019, was a result of Optus failing to communicate customer preferences regarding number listings to Telstra. The Office of the Australian Information Commissioner (OAIC) conducted a lengthy investigation, concluding that Optus held responsibility for the breach despite arguments to the contrary. The OAIC's determination allows for a representative complaint by Maurice Blackburn Lawyers, who will seek compensation for affected individuals. Customers impacted include those who ported their numbers to Optus during the specified timeframe. The breach highlights deficiencies in Optus's processes and technology over several years. The OAIC's findings will be applied to determine reasonable compensation for affected class members.
Key Points:
- Optus breached the privacy of 51,000 customers by publishing unlisted phone numbers.
- The breach occurred due to failures in communication between Optus and Telstra regarding customer preferences.
- Maurice Blackburn Lawyers will pursue compensation for affected individuals based on OAIC's findings.
Detailed Analysis
**Impact** 51,000 Optus customers who ported their phone numbers between 2015 and 2019 were affected by the erroneous publication of their unlisted phone numbers in the White Pages directory. The breach exposed names, addresses, and phone numbers, impacting customer privacy and potentially leading to reputational damage and compensation liabilities for Optus. The affected customers are primarily in Australia, with the breach involving a failure to respect unlisting preferences during number porting. The OAIC is overseeing compensation considerations for the impacted individuals.
**Technical Details** The breach resulted from process and communication failures between Optus, Telstra, and Thryv regarding unlisted number preferences during phone number porting. Optus failed to transmit customers’ unlisted status to Telstra, which then affected the White Pages listings managed by Thryv. No malware, CVEs, or external attack vectors were reported; the issue stemmed from internal procedural errors and data handling deficiencies. The OAIC found Optus in breach of Australian Privacy Principle 11.1.
**Recommended Response** Organizations should review and verify data handling and transmission processes related to customer privacy preferences, especially during service transitions like number porting. Monitor compliance with privacy obligations under applicable laws and ensure accurate data sharing between service providers. No specific technical patches or malware detections apply; focus should be on process audits and privacy impact assessments. Monitor for any further regulatory updates or compensation claims related to this incident.
Source articles (2)
- Marathon OAIC investigation finds Optus breached 51,000 customers' privacy — Itnews.Au · 2026-06-11
Optus faces an unknown bill for compensation for a privacy breach that came to light in 2019, that led to the erroneous publication of 51,000 customers' unlisted phone numbers in the White Pages direc…
- Optus Data Breach — www.mauriceblackburn.com.au · 2026-06-11
As at February 2026, we understand that the OAIC is actively continuing to progress the Representative Complaint. We anticipate being in a position to provide a further update shortly. Maurice Blackbu…
Timeline
- 2015-01-01 — Breach occurs: Optus fails to communicate unlisted number preferences for customers who ported their numbers.
- 2019-01-01 — Breach revealed: Optus inadvertently publishes unlisted phone numbers in the White Pages directory.
- 2021-01-01 — OAIC investigation begins: The OAIC starts investigating the privacy breach involving Optus and affected customers.
- 2026-06-11 — OAIC determination released: The OAIC concludes its investigation, confirming Optus breached the Australian Privacy Principle 11.1.
- 2026-06-11 — Representative complaint filed: Maurice Blackburn Lawyers files a representative complaint with the OAIC for affected customers.
Related entities
- Data Breach (Attack Type)
- Optus (Company)
- CWE-200 - Exposure of Sensitive Information (Cwe)