Former and current customers whose personal information including key identity documents was compromised during the Optus data breach have launched a lawsuit against the telco, AAP reports.
The suit, filed by class action law firm Slater and Gordon and representing 100,000 people, accuses Optus of breaching privacy, telecommunication and consumer laws as well as the company’s internal policies.
The Singapore-owned telco breached its duty of care to ensure customers did not suffer harm arising from the unauthorised access or disclosure of their personal information, did not take reasonable steps to protect customer information and failed to destroy or de-identify former customers’ personal information, the lawsuit alleges.
Almost 10 million Optus customers had their personal information stolen during last year’s breach, including passport, driver’s licence and Medicare details.
Slater and Gordon class actions practice group leader Ben Hardwick said:
The type of information made accessible put affected customers at a higher risk of being scammed and having their identities stolen, and Optus should have had adequate measures in place to prevent that.
Concerningly, the data breach has also potentially jeopardised the safety of a large number of particularly vulnerable groups of Optus customers, such as victims of domestic violence, stalking and other crimes, as well as those working in frontline occupations including the defence force and policing.
Information from 10,200 customers was exposed publicly during ransom demands, but no customer had suffered any financial loss or fallen victim to a crime through misuse of the data, the chief executive of Optus, Kelly Bayer Rosmarin, said last month. The telco also offered customers free access to identity theft monitoring.
Among the 100,000 people who registered for the class action is a domestic violence victim who spent money intended for counselling for her children on increasing security measures around the house, and a retired police officer concerned his home address may have been shared with criminals he’d put away.
Victims of burglary, stalking and scam calls also signed up after being concerned about their future.
The lead applicant, whose identity is being kept secret, said:
Not knowing what still might happen as a result of having my information accessed and by whom haunts me. It feels like only a matter of time before I get scammed or defrauded, which is a constant worry that I didn’t have before I was let down by Optus.
The breach is being investigated by the Office of the Australian Information Commissioner, Australia’s media watchdog and other agencies.
The Albanese government in February also set up a national cyber security office within the Department of Home Affairs to co-ordinate the national response to major cyber attacks.