“The system is broken”: Victims of Latitude data breach left unanswered by OAIC

“The system is broken”: Victims of Latitude data breach left unanswered by OAIC

More than a year since announcing it would launch a class-action lawsuit against Latitude (ASX: LFS) for a data breach that exposed 14 million personal documents, Melbourne-based law firm Gordon Legal says it has been left in the dark as to whether its complaint will be investigated by the nation’s privacy watchdog.

Gordon Legal, which initiated the legal proceedings in partnership with Hayden Stephens and Associates (HSA), said it has contacted the OAIC (Office of the Australian Information Commissioner) on at least six occasions to request an update on the progress of its representative complaint.

In the latest correspondence received about a month ago, the OAIC said it was still taking time to consider whether it would accept the complaint.

“This isn't even a year to investigate the complaint - it's just to tell us it's going to be accepted for investigation. It is excessive, and it is really difficult for everyone to sit in limbo for a year while you wait for the organisation that was designed to deal with these complaints,” Gordon Legal associate Aimee Dartnell told Business News Australia.  

“Registrants have been telling us that they still experiencing attempts to hack their accounts. Some of them have told us that there were attacks on their bank accounts, and that caused a lot of financial stress. They really want answers.

“They want us to be able to tell them what their rights are and what's going to happen and it's been very difficult for us to do that.”

When the law firm requested a timeline as to how long the process would take, they were left unanswered by the privacy watchdog. The firm is representing approximately 75,000 people in the lawsuit.

Personal data stolen in the breach included almost 8 million Australian and New Zealand drivers licence numbers, 53,000 passport numbers, less than 100 customer financial statements and 6.1 million records containing personal information including names, addresses, telephone numbers and dates of birth.

“To date, the Commissioner has refused to confirm whether the complaint has been accepted, and ignored our requests for a timeline for considering the complaint that was filed more than a year ago,” a spokesperson for the law firm said.

“The OAIC was created to make the process for dealing with privacy claims more efficient.

“But the system is broken. The Latitude data breach had a significant impact on people, and they deserve to have their complaints heard. This is incredibly frustrating process and is making it difficult for us to give meaningful updates to our registrants who are waiting for answers.”

Exactly a year ago, the OAIC announced it would enter a joint investigation with the New Zealand Office of the Privacy Commissioner (OPC) to scrutinise the Latitude (ASX: LFS) cyberattack that resulted in 14 million personal documents being stolen.

While both agencies have joined forces to improve the efficiency of the investigation, they are free to make different findings.

If the investigation finds serious and/or repeated interferences with privacy in contravention of Australian privacy law, then the Commissioner has the power to seek civil penalties through the Federal Court of up to $50 million for each contravention.

Since the initial announcement, few updates on the investigation have been provided by the privacy watchdog.

Based on the OAIC website, the most recent mention of the Latitude data breach was in a media release published in late 2023, which acknowledged that between April 2023 and December 2023, the OAIC’s “consideration of the representative complaints and engagement with the representative complainants continues.”

Business News Australia has requested comment from the OAIC.

Enjoyed this article?

Don't miss out on the knowledge and insights to be gained from our daily news and features.

Subscribe today to unlock unlimited access to in-depth business coverage, expert analysis, and exclusive content across all devices.

Support independent journalism and stay informed with stories that matter to you.

Subscribe now and get 50% off your first year!

WorldFirst offers fast and secure cross-border payments to boost global sales for SMEs
Partner Content
WorldFirst, a one-stop digital payment and financial services platform for global busin...
Advertisement

Related Stories

The Star’s licence in jeopardy as NSW casino watchdog issues 'show cause' notice

The Star’s licence in jeopardy as NSW casino watchdog issues 'show cause' notice

The Star Entertainment Group (ASX: SGR) has been hit with a “...

“Economic storm”: Report reveals Australian retailers unlikely to bounce back until late 2025

“Economic storm”: Report reveals Australian retailers unlikely to bounce back until late 2025

A recent report published by major finance firm KPMG Australia reve...

Modular data centre developer DXN taps into demand for agile IT infrastructure

Modular data centre developer DXN taps into demand for agile IT infrastructure

While data centre giants such as NEXTDC (ASX: NXT) and AirTrunk are...

Atomos puts to bed two years of turbulence after settlement with ex-CEO Estelle McGechie

Atomos puts to bed two years of turbulence after settlement with ex-CEO Estelle McGechie

Video technology innovator Atomos (ASX: AMS) has settled a long-run...