Optus faced a class action lawsuit over a data breach in 2019 that affected 10 million customers
Former and current customers whose personal information, including important identity documents, was compromised during the Optus data breach have filed a lawsuit against the telco.
The lawsuit, filed by class firm Slater and Gordon and representing 100,000 people, alleges Optus violated privacy, telecommunications and consumer laws, as well as the company’s internal policies.
The Singapore-based telecom company failed to exercise due diligence to ensure customers did not suffer harm from unauthorized access or disclosure of their personal information, failed to take reasonable steps to protect customer information, and failed to destroy or destroy the personal information of former customers to anonymize information, the lawsuit alleges.
Watch the latest news on Channel 7 or stream for free on 7plus >>
The personal information of nearly 10 million Optus customers was stolen during last year’s breach, including passport, license and Medicare details.
“The nature of the information made available puts affected customers at greater risk of being defrauded and having their identity stolen, and Optus should have taken reasonable steps to prevent this,” said Ben Hardwick, head of class action for Slater and Gordon, am Friday .
“Of concern, the data breach may have also jeopardized the security of a large number of vulnerable groups of Optus customers, such as victims of domestic violence, stalking and other crime, and those working on the front lines, including the armed forces and police .”
About 20 terabytes of data was compromised, including current and former customer names, dates of birth, phone numbers and email addresses
A subset of the 9.8 million customers affected also had their addresses and ID numbers compromised.
The breach was the first in a wave of leaks and hacks last September and October that hit major Australian companies like Medibank Private, EnergyAustralia and Woolworths.
Information from 10,200 customers has been publicly disclosed in ransom demands, but no customer has suffered financial loss or been the victim of a crime as a result of data misuse, CEO Kelly Bayer Rosemary said last month.
The telecom company also offered its customers free access to identity theft monitoring.
Among the 100,000 people who have signed up for the class action lawsuit are a domestic violence victim who spent money advising her children about increasing security around the home, and a retired police officer who feared his home address might be been shared with criminals.
Victims of break-ins, stalking, and scam calls also came forward with concerns about their future.
“Not knowing what else could happen by accessing my information and by whom haunts me,” says the lead applicant, whose identity is being kept secret.
“It feels like it’s only a matter of time before I get scammed or scammed, which is a constant worry that I didn’t have before I was let down by Optus.”
Optus confirmed on Friday that it had been notified of the filing of the class action lawsuit related to “the criminal cyberattack” against the company.
“As previously mentioned, Optus will vigorously defend such proceedings,” a spokesman said.
The breach is being investigated by the Australian Information Commissioner’s Office, the Australian Media Regulatory Authority and other authorities.
The Albanian government also established a national cybersecurity office within the Ministry of Interior in February to coordinate the national response to major cyberattacks.
