Optus faces class action lawsuit after personal information of 9.8 million customers stolen in cyberattack

A class action could be launched against Optus following a massive data breach that compromised the personal information of nearly ten million customers across the country.

Law firm Slater and Gordon announced on Monday it is investigating a class action lawsuit on behalf of current and former customers involved in last week’s cyber attack.

Slater and Gordon senior associate Ben Zocco said while Optus was yet to confirm the circumstances that led to the breach, the firm was assessing “possible legal options” for affected customers.

“This is potentially the most serious privacy breach in Australian history, both in terms of the number of people affected and the nature of the information disclosed,” Mr Zocco said.

Stream more on politics with Flash. 25+ news channels in 1 place. New to Flash? Try 1 month free. Offer ends October 31, 2022

“We consider that the consequences could be particularly serious for vulnerable members of society, such as domestic violence survivors, victims of stalking and other threatening behavior, and people who are seeking or have previously sought asylum in Australia.

Mr Zocco said given the type of information that has been leaked, people “can’t simply heed Optus’ advice to be on the look-out for scam emails and text messages.”

“Very real risks are created by the disclosure of their personally identifiable information, such as addresses and phone numbers,” he said.

“The fact that some customers appear to have had identification information such as drivers’ license and passport numbers disclosed is extremely concerning.

“This information alone would go a long way in allowing a criminal to steal an affected customer’s identity.”

Optus CEO Kelly Bayer Rosemary on Friday said customers’ personal information, which includes their passport, driver’s license, email, home address, date of birth and phone number, were accessed in a “sophisticated” cyber attack.

She said reports that 9.8 million personal records had been compromised was the “worst case scenario” and that no payment details or passwords were taken in the cyberattack.

But Home Affairs Minister Clare O’Neil has hit out at Optus, saying it was not a “sophisticated” attack but a “basic” one that should not have happened.

Ms O’Neil said there needs to be a “good thorough look” into the end-to-end management of Optus and blamed both the company and former government for not having enough “power” to respond.

“Optus need to communicate clearly to their customers about exactly what information’s been taken from specific individuals, and then needs to assist and support customers,” she told ABC’s 7:30 on Monday night.

“The previous government put in place a very significant piece of legislation that I think was a very good start, but it didn’t bring telecommunications companies into that legislation.

“What it’s meant is that I am more limited with telecommunications companies in terms of the powers that I have.

“The reason that it did that is because, at the time, the telecommunications sector said, ‘Don’t worry about us – we’re really good at cybersecurity. We’ll do it without being regulated’.”

Optus said it was taking further steps to help reduce the identity theft and has offered its most affected customers a 12-month subscription to Equifax Protect – a credit monitoring and identity theft protection service.

Comments are closed.