Yahoo Finance Optus hit with lawsuit over data breach
Australia’s communications and media watchdog has launched legal action against Optus over the 2022 data breach, in the latest blow for Australia’s second biggest telco.
The Australian Communications and Media Authority has filed proceedings in the Federal Court, alleging Optus “failed to protect the confidentiality of its customers’ personal information from unauthorised interference or unauthorised access” as required under the Telecommunications Act.
“As the matter is now before the court, the ACMA will not be making any further statements at this time,” the watchdog said.
About 10 million current and former Optus customers were caught up in the September 2022 breach, with personal information including names, dates of birth, phone numbers and email addresses exposed over three days.
Some customers had their addresses and drivers licences and passports exposed.
In a statement on Thursday, Optus said at this stage it could not “determine the quantum of penalties, if any, that could arise” and declared its intent to defend the proceedings.
“Optus has previously apologised to its customers and has taken significant steps, including working with the police and other authorities, to protect them,” the statement said.
“It has also reimbursed customers for the cost of replacing identity documents.”
During the breach, the hackers demanded a $1.5m ransom to stop the data from being sold online, before the thieves deleted the notice and apologised.
The breach resulted in tougher penalties for serious or repeated breaches of customer data, with organisations now facing fines of more than $50m if they fail to adequately.
The telco’s former chief executive Kelly Bayer Rosmarin resigned in November, after presiding over the data breach and the subsequent mass outage a year later.
Optus’ parent company, Singapore based Singtel, reported a 64 per cent drop in its full-year net profit after being hit by a $3.5bn impairment charge, mostly related to Optus.
