Talk:2022 Optus data breach/GA1

GA Review
The edit link for this section can be used to add comments to the review.''

Reviewer: Vaticidalprophet (talk · contribs) 18:50, 7 June 2023 (UTC)

This is solid work, especially for a first stab at the GA process. I looked it over at the PR, but wasn't able to comment at the time.

The biggest issue you have is the lead. Leads are tricky and neglecting them common, but all data on how readers engage with Wikipedia consistently presents them as the most important part of the article; in mobile view, for instance, 60% of readers only see the lead and don't open any of the sections. This article is over 1700 words, but has two sentences for a lead. You easily have the content for 2-3 paragraphs summarizing the article.

There are a few other points to make, but I'll go line-through-line once the lead expands somewhat, because the prose might be too subject to change before then. Vaticidalprophet 18:50, 7 June 2023 (UTC)


 * Thank you for the feedback. I first created the article as a stub, and as it grew, I forgot about the lede. I'll fix that now. JML1148 (talk &#124; contribs) 07:26, 8 June 2023 (UTC)
 * I've extended the lede so that it gives a good summary of the article. JML1148 (talk &#124; contribs) 08:02, 8 June 2023 (UTC)
 * Fantastic to see. Starting to comb through a little...

Lead

 * The 2022 Optus data breach occurred in September 2022 to Australian telecommunications company Optus -- This is the kind of article for which MOS:BOLDTITLE notes traditional 'article titles followed by summaries' sound a bit awkward. There aren't many high-quality articles about data breaches to compare to. It may be better to write this in a way that doesn't focus on getting the exact words "2022 Optus data breach" in; alternatively, if you want to retain the title, it could be rephrased to mention the importance of the breach and then get into 'dates and players' in the next sentence. ✅ Merged and reworded the first two sentences. JML1148 (talk &#124; contribs) 00:48, 10 June 2023 (UTC)
 * Watch for use of 'however', which is generally superfluous, and definitely so in both contexts you've put it. Commas also may not necessarily be the ideal way of breaking up these sentences (Conflicting claims have been made about how the breach happened; Optus presented it as a complicated attack on their systems, while an Optus insider and the Australian government have ascribed it to human error). ✅ Removed all appearences of "however". JML1148 (talk &#124; contribs) 00:48, 10 June 2023 (UTC)
 * "Government" in this context usually shouldn't be capitalized; it is in the house style of most Australian publications, but Wikipedia's house style doesn't call for it in e.g. the contexts used in the second paragraph. ✅ JML1148 (talk &#124; contribs) 00:48, 10 June 2023 (UTC)
 * Keep in mind (this also plays into the previous point) that readers for this article won't be exclusively Australian, even if they're disproportionately so. It's worthwhile contextualizing e.g. how big a deal Optus is, how big a deal that number of people is, what being a Minister for Government implies (although the links do a decent job of contextualizing that). The best advice there is on writing Wikipedia articles is that the reader is "an intelligent fourteen-year-old", someone bright and curious but with little prior knowledge. ✅ Added a bit about how big Optus is and the amount of population affected. JML1148 (talk &#124; contribs) 00:48, 10 June 2023 (UTC)
 * Note WP:LEADCITE. I haven't checked in-depth yet if all of these statements are in the body or if any are only in the lead, but the ones that are in the body don't need to have the citation repeated in the lead, excluding direct quotes (of which there are none). ✅ Two things that appeared only in the lede, everything else was cited later in the article. JML1148 (talk &#124; contribs) 00:48, 10 June 2023 (UTC)
 * Tricky for an article like this, I know, but any thoughts on lead images? Commons has some nice photos of various Optus state headquarters. ❌ I did add an image further down of their main headquaters where it is mentioned, but I don't see the point of adding images where they take up space and don't add much to the article. JML1148 (talk &#124; contribs) 00:54, 10 June 2023 (UTC)

More to come. Vaticidalprophet 09:06, 9 June 2023 (UTC)


 * I've responded to everything. JML1148 (talk &#124; contribs) 00:55, 10 June 2023 (UTC)
 * Good to see. I've made a few minor copyedits in the first half of the article; almost all of them are subjective/things you can feel free to revert, with the only real exception being MOS:LQ. They're just elements that stood out to me, but that would feel nitpicky mentioned in the GAN. I also placed a couple of cleanup tags when checking sources:
 * The ABC article used to support that Optus 'published information' doesn't suggest they revealed any significant information not previously known -- they make a statement, but not in any particular depth, and it's just as subjective/arguable as their other statements. Is there any evidence they released anything more than that? Otherwise, it might be better to use a different wording.
 * Do we know much about the "some cybersecurity experts" statement?
 * I also noticed (though didn't get to proofreading that far yet) that "SOCI laws" is given as an acronym in the lead, but the acronym is only used once in the body of the article. Does this need to be acronymed? Vaticidalprophet 20:50, 10 June 2023 (UTC)
 * Thanks for the copyedit to clean up the wording. I've changed the 'published information' part of the sentence to reflect better what was said in the source, and removed the acronym. Unfortunately we don't know about the 'cybersecurity experts' part, all the source says is 'Some cyber security experts believe the account is legitimate.' JML1148 (talk &#124; contribs) 00:04, 11 June 2023 (UTC)
 * Great to see -- I've copyedited a little more towards logical quotation. I noticed while doing so that the article makes heavy use of quotes, possibly moreso than justified (e.g. some of the quoted statements are fairly routine and could be rephrased in your own words). Treasurer Jim Chalmers stated that "These new measures will assist in protecting customers from scams, and in system-wide fraud detection" seems to be a statement where you can summarize why Chalmers wanted these changes rather than just quote him on it, for instance, and Optus CEO Kelly Bayer Rosmarin apologised for the attack on behalf of the company, saying that "We are deeply sorry" seems a little obvious (shouldn't something like that be assumed to appear in the statement?). I'd recommend going through the use of quotes to see which are justified. Vaticidalprophet 09:32, 11 June 2023 (UTC)
 * I've removed some of the quotes that weren't really necessary, and summarised them. Thanks for the suggestion. JML1148 (talk &#124; contribs) 04:45, 12 June 2023 (UTC)

Later sections
A few bullet points:
 * There's some minor confusion around the article in terms of high-estimate-victim-counts -- I usually see the upper end quoted as 9.8 million rather than 9.7? Rather marginal, I know.
 * The article is a little inconsistent on how it refers to currencies -- see MOS:CURRENCY for the guideline here. The currency template can help.
 * The discussion of the government response doesn't mention that some states (I know Vic did?) changed their license designs following the breach to nominally make them harder to compromise, which seems worth noting.
 * Similarly, it might be due to include the discussions about how states offered to replace licenses but not proof of age cards -- I saw this discussed a fair bit, but I'm not sure how much RS coverage it got. Worth looking into?

The one aspect of the article I'm most concerned about, outside of bullet points, is the coverage of Dennis Su. This is tricky -- he's a very young man and a low-profile individual, but he's nonetheless the current best-known case of someone actually trying to exploit the hack, so he does need to come up. It'll be worth keeping an eye on this section as the months/years go by; many articles about events devolve over the long term into "lists of things that happened", and as well as maintaining it to prevent that, a time will probably come where having a whole paragraph about Su isn't called for anymore.

The big phrasing that sticks out to me is "avoided jail", which is the term the news media uses, but not an accurate reflection of how criminal sentencing works in this country -- the chances of a young first offender who pleaded guilty doing what he did going to prison are basically negligible. The phrasing gives the same impression as a lot of media reporting on court cases that Su had a real chance of going to prison that he "avoided"/"got off lightly", especially juxtaposed with the mention of the extremely high but contextually theoretical maximum sentence. It's definitely worth using an alternative phrasing here, and also contextualizing what a community corrections order is (our article on probation is...terrible, but maybe not worse than nothing?). <b style="color:black">Vaticidal</b><b style="color:#66023C">prophet</b> 20:08, 13 June 2023 (UTC)


 * I've done all of the changes you've suggested, except the suggestions for article expansion, which I'll do soon. With Dennis Su, I changed the wording to "did not go to" jail, and removed the maximum sentence part, along with the wikilink to probation. JML1148 (talk &#124; contribs) 07:24, 14 June 2023 (UTC)
 * I found something for the change of license design (a second number), but I couldn't find any RS that discussed the proof of age thing. JML1148 (talk &#124; contribs) 10:43, 15 June 2023 (UTC)
 * That's fine, ! The article looks good, and I'm happy to pass it.
 * One thing I'd strongly recommend for this article is to take it to WP:DYK. Partially this is just because DYK is an interesting process that it's a good thing to get a sense of (regardless of whether you choose to participate in it frequently or not), and has a fairly obvious reward (main page attention), but more significantly because the search engine hits for this article have a common problem for articles made about high-profile subjects somewhat later than the peak of attention on them. The article doesn't appear on the first page of results for many related search terms (if you type exactly "2022 optus data breach" it does, but more natural search phrases like "optus leak" or "optus breach" don't), which significantly lowers its overall views. Putting articles on DYK and the front page gives them a lot of hits in a short period of time, which in situations like this increases their page ranking and views a lot -- I've had similar articles go from ~5-10 views a day to ~100-150 under that circumstance. Just a recommendation. <b style="color:black">Vaticidal</b><b style="color:#66023C">prophet</b> 17:42, 15 June 2023 (UTC)
 * Thank you for the review, and the DYK suggestion. Would like to ask you a question - is there anything that stands out to you that could make a good hook? JML1148 (talk &#124; contribs) 06:35, 16 June 2023 (UTC)
 * The scope of the breach is probably the biggest one for an international audience -- "nearly half the adult population" has been hammered in to Australians already, but the main page is global and a lot of people will be seeing it for the first time. Good job on the article! <b style="color:black">Vaticidal</b><b style="color:#66023C">prophet</b> 01:42, 17 June 2023 (UTC)
 * Thanks for the review, and the DYK advice. I'll put in a DYK nom tomorrow. JML1148 (talk &#124; contribs) 11:15, 17 June 2023 (UTC)