Former and current customers whose personal information, including key identity documents, was compromised in the Optus data breach have filed a lawsuit against the telco.
The lawsuit, brought by the law firm Slater and Gordon, representing 100,000 people, accuses Optus of violating privacy, telecommunications and consumer laws, as well as the company’s internal policies.
The Singapore-owned telco has breached its duty of care to ensure that customers do not suffer harm as a result of the unauthorized access to or disclosure of their personal information, has failed to take reasonable steps to protect customer information and has failed to disclose the personal data of destroy or de-identify former customers. information, the lawsuit alleges.
Nearly 10 million Optus customers had their personal information stolen in last year’s breach, including passport, license and Medicare data.
The lawsuit brought by class action law firm Slater and Gordon, representing 100,000 people, accuses Optus of violating privacy, telecommunications and consumer laws, as well as the company’s internal policies
Nearly 10 million Optus customers had their personal information stolen in last year’s breach, including passport, license and Medicare data
“The type of information that is made accessible puts affected customers at greater risk of being defrauded and having their identities stolen, and Optus should have taken adequate steps to avoid that,” Slater and Gordon group leader Ben Hardwick said on Friday. . .
“It is concerning that the data breach may have also compromised the safety of many particularly vulnerable groups of Optus customers, such as victims of domestic violence, stalking and other crimes, as well as those working on the frontlines, including defense and police. .’
Approximately 20 terabytes of data, including current and former customer names, dates of birth, phone numbers and email addresses, were accessed unauthorized
A subset of the 9.8 million affected customers also had their addresses and identity document numbers compromised.
The data breach was the first in a spate of leaks and hacks last September and October that affected major Australian companies, including Medibank Private, EnergyAustralia and Woolworths.
Information from 10,200 customers was made public during ransom demands, but not a single customer had suffered any financial loss or been the victim of a crime from misuse of the data, CEO Kelly Bayer Rosmarin said last month.
The telco also offered customers free access to identity theft monitoring.
Among the 100,000 people who signed up for the class action are a domestic violence victim who spent money intended to help her children increase home security, and a retired police officer who worried his home address might be has been shared with criminals that he had disposed of.
Victims of burglary, stalking and scams also signed up because they were worried about their future.
The data breach was the first in a spate of leaks and hacks last September and October that hit major Australian companies including Medibank Private, EnergyAustralia and Woolworths
Information from 10,200 Optus customers was made public during ransom demands, but no customer had suffered any financial loss or been the victim of a crime from misuse of the data, CEO Kelly Bayer Rosmarin said last month
“Not knowing what can happen if my information is accessed and who is pursuing me,” says the lead applicant, whose identity is being kept secret.
“It feels like only a matter of time before I get ripped off or ripped off, which is a constant worry I didn’t have before being let down by Optus.”
The breach is being investigated by the Office of the Australian Information Commissioner, Australia’s media watchdog, and other agencies.
The Albanian government also established a national cybersecurity office within the Interior Ministry in February to coordinate the national response to major cyber-attacks.
