World NewsAustralia News

100,000 Customers Sue Optus Over Massive Data Breach

Save
100,000 Customers Sue Optus Over Massive Data Breach
General view of an Optus store in Sydney, Australia on Sept. 22, 2022. AAP Image/Bianca De Marchi
Alfred Bui
Updated:

Over 100,000 former and current Optus customers affected by a massive data breach in 2022 have taken court action against the Australian telco giant.

On April 21, law firm Slater and Gordon announced that it had launched a class action lawsuit on behalf of Optus customers whose personal information was compromised when a group of foreign criminals hacked into the company’s database in September 2022.

The company accused Optus of breaching privacy, telecommunication and consumer laws by failing to protect customers’ personal information from unauthorised access.

Slater and Gordon also claimed that Optus did not destroy or de-identify former customers’ personal information and failed to ensure that customers’ personal information could only be accessed by people with authority.

Millions of Customers Affected by the Data Breach

While over 100,000 Optus customers have joined the lawsuit, they are just a small proportion of the 10 million Australians who had their personal information stolen, including passport, licence and Medicare details.
“The type of information made accessible put affected customers at a higher risk of being scammed and having their identities stolen, and Optus should have had adequate measures in place to prevent that,” Slater and Gordon class actions practice group leader Ben Hardwick said in a statement.

“Concerningly, the data breach has also potentially jeopardised the safety of a large number of particularly vulnerable groups of Optus customers, such as victims of domestic violence, stalking and other crimes, as well as those working in frontline occupations including the defence force and policing.”

In October 2022, Optus confirmed that 1.2 million current driver’s licence numbers and 900,000 expired ones were exposed in the aftermath.

Later, the company admitted that attackers got access to about 20 terabytes of data.

However, it said most of the customer details in the stolen data were not particularly sensitive and that no Optus customer suffered financial harm due to the hack, including the 10,200 customers whose personal information was posted on the dark web.
The Optus hack was the first incident that sparked a wave of data breaches targeting major Australian corporations and government agencies in the following months, including private insurance company Medibank, the Department of Defence, financial service firm Latitude and supermarket chain Woolworths.

What the Plaintiffs Say

In announcing the lawsuit, Slater and Gordon cited the experience of Optus customers who have gone through trouble and hardship as a result of the data breach.

One former Optus customer who was burgled and had his identity stolen suffers severe anxiety after discovering his personal information had been shared online.

A retired police officer was concerned that his home address might be exposed to the criminals whom he had dealt with.

An Optus public service message is displayed inside an Optus store in Sydney, Australia, on Oct. 5, 2022. (Brendon Thorne/Getty Images)
An Optus public service message is displayed inside an Optus store in Sydney, Australia, on Oct. 5, 2022. Brendon Thorne/Getty Images
“I had to make a lot of calls and do a lot of running around in the aftermath of this breach to make sure my bank account and other accounts hadn’t been compromised, and I noticed I was being targeted by phishing and other scams a lot more frequently,” says the lead applicant, who requested his identity be kept secret due to safety reasons.

“It feels like only a matter of time before I get scammed or defrauded, which is a constant worry that I didn’t have before I was let down by Optus.”

Another affected Optus customer who had to replace ID documents said the whole ordeal was very stressful.

“It was incredibly stressful trying to get answers from Optus about what information had been exposed and then taking action to rectify the damage so I could try to stop anything else from happening,” the Queensland woman said.

“I spent a lot of time changing passwords to all of my accounts, have constantly been checking that money hasn’t been stolen, and making sure I’ve done everything I can to protect myself.

“One of the worst aspects of all this was the fact that I had no control over what had happened, so it’s been pretty overwhelming.”

Optus’ Response

Following Slater and Gordon’s announcement, an Optus spokesperson told The Epoch Times that the company was aware of the lawsuit.

“Slater & Gordon has advised Optus that it has filed a class action with the Federal Court in relation to the criminal cyber-attack undertaken against Optus in September last year,” the spokesperson said.

“As indicated previously, Optus will vigorously defend any such proceedings.”

The lawsuit is funded by a litigation funder, and the plaintiffs do not have to pay any out-of-pocket fees.

However, they are required to pay a commission to the funder if the lawsuit is successful.

Alfred Bui
Alfred Bui
Author
Alfred Bui is an Australian reporter based in Melbourne and focuses on local and business news. He is a former small business owner and has two master’s degrees in business and business law. Contact him at [email protected].
Related Topics