Optus hit with lawsuit for 2022 cyber attack
The Australian Communications and Media Authority (ACMA) has filed a lawsuit against Optus, alleging that it failed to protect its customers during its 2022 cyber attack.
The 2022 cyber attack saw the data of roughly 10 million current and former Optus customers exposed, including names, birth dates, home addresses, telephone numbers, email contacts, passport numbers and driving licences.
“The ACMA has filed proceedings in the Federal Court against Optus Mobile Pty Ltd (Optus).
“We allege that during a data breach which occurred between 17 to 20 September 2022, Optus failed to protect the confidentiality of its customers’ personal information from unauthorised interference or unauthorised access as required under the Telecommunications (Interception and Access) Act 1979 (Cth),” said the ACMA in a statement released yesterday (22 May).
“As this matter is now before the court, the ACMA will not be making any further statements at this time.”
According to media reports, Optus’ parent company, Singtel, is planning to defend against the lawsuit, saying it was not able to determine any penalties for its actions.
This is the second legal battle Optus is facing, with a Slater & Gordon class action hot on its heels, demanding compensation for those affected.
At this stage in the class action’s proceedings, Slater & Gordon is seeking permission to view a Deloitte report commissioned by Optus after the attack happened, determining what went wrong.
However, Optus has claimed legal professional privilege over the document, and despite the Federal Court rejecting the claim, the decision is being appealed and is currently before the courts.