'Wake-up call for corporate Australia': 100,000 people join Optus data breach class action

Nearly 10 million current and former customers' personal data was accessed by cybercriminals following the hack in September 2022.

Optus storefront

A class action has been launched over the 2022 Optus data breach. Source: AAP / Bianca De Marchi

Key Points
  • A class action is being launched in Australia's federal court over the 2022 Optus data breach.
  • Almost 10 million customers' personal details were compromised and 10,000 were published on the dark web.
  • The class action alleges Optus failed to protect its customers and breached its duty of care.
A class action against Optus over will ask the courts to put a price on Australians' privacy and is expected to serve as a wake-up call to the corporate world.

The telco giant is facing a suit filed by class action law firm Slater and Gordon, representing 100,000 people and accusing Optus of breaching privacy, telecommunication and consumer laws as well as the company's internal policies.

While Optus has said no customers fell victim to financial loss or crime as a result of , the law firm argues privacy is essentially priceless, and "time is money" after people were forced to take multiple steps to protect themselves after their information was stolen.
The hack has also caused many customers anxiety and distress, Slater and Gordon class actions practice group leader Ben Hardwick said.

"This will be a wake-up call for corporate Australia that ... when we entrust it with our driver's licence, with our passport, with our private information, it has an obligation to protect that information and to delete that information when it's no longer required to be kept," Mr Hardwick said.

"We will be seeking a substantial sum of compensation in these proceedings.

"We will be asking the court to make a determination about what is the value of Australians' privacy."

Some 100,000 people contacted Slater and Gordon about the class action, making it the largest ever response received by the firm, Mr Hardwick said.
The Singapore-owned telco breached its duty of care to ensure customers did not suffer harm arising from the unauthorised access or disclosure of their personal information, did not take reasonable steps to protect customer information and failed to destroy or de-identify former customers' personal information, the lawsuit alleges.

"Optus really should have had better systems in place to lock down the information of everyday Australians," Mr Hardwick said.

Almost 10 million Optus customers had their personal information stolen during , including passport, licence and Medicare details.

The leak put customers at a higher risk of scams and having their identities stolen, Mr Hardwick said. It also potentially jeopardised "vulnerable" customers' safety.

Who is part of the class action?

Among the 100,000 people who registered for the class action was a domestic violence victim who spent money intended for counselling for her children on increasing security around the house, and a retired police officer concerned his home address may have been shared with criminals he'd put away.

"The release of this data has potentially breached the safety of me and my children," one customer said.

"I've spent every day basically anxious, just wondering if my details were going to fall into the wrong hands."

The lead applicant, whose identity is being kept secret, added: "It feels like only a matter of time before I get scammed or defrauded, which is a constant worry that I didn't have before I was let down by Optus."
Victims of burglary, stalking and scam calls also signed up after being concerned about their security.

About 20 terabytes of data were improperly accessed including current and former customers' names, dates of birth, phone numbers and email addresses

A subset of the 9.8 million affected customers also had their addresses and identity document numbers compromised.

The class action also includes a number of entities in the Optus Group, including Singtel Optus, Optus Mobile, Optus Internet, Optus Networks, Optus ADSL and Optus Satellite.

The data breach was the first of a wave of leaks and hacks in September and October that hit major Australian corporations including , EnergyAustralia, and .
An Optus spokesperson told SBS News the company was aware of the class action.

"As indicated previously, Optus will vigorously defend any such proceedings." the spokesperson said.

The breach is being investigated by the Office of the Australian Information Commissioner, Australia's telecommunications watchdog and other agencies.

How can you join the class action against Optus?

Australia's class action regime is opt-out, meaning Optus customers do not need to register to be part of the lawsuit.

Slate and Gordon say customers who want to receive updates .

Readers seeking support with mental health can contact Beyond Blue on 1300 22 4636. More information is available at . supports people from culturally and linguistically diverse backgrounds.

Share
4 min read
Published 21 April 2023 8:30am
Updated 24 April 2023 6:32pm
Source: AAP, SBS



Share this with family and friends