Preliminary investigations by Optus suggest an error by an IT programmer may have inadvertently allowed cyber criminals to steal personal details of potentially millions of customers.
A senior figure inside Optus has spoken to the ABC on the condition of anonymity to offer confidential insights into the early findings uncovered by the telecommunication company's IT specialists.
"[It's] still under investigation, however, this breach, like most, appears to come down to human error," the Optus insider told the ABC.
"[They] wanted to make integrating systems easier, to satisfy two-factor authentication regulations from the industry watchdog, the Australian Communications and Media Authority (ACMA)."
The process allegedly involved opening up the Optus customer identity database to other systems via what's known as an Application Programming Interface, with the assumption that the API would only be used by authorised company systems.
Earlier today, the ABC put specific questions to Optus CEO Kelly Bayer Rosmarin about whether human error involving the company's API was behind the breach.