Optus hit with Slater and Gordon class action over last year’s data breach

Optus hit with Slater and Gordon class action over last year’s data breach

Telco Optus has been hit with a class action from law firm Slater and Gordon (ASX: SGH), which alleges the company failed to protect customers’ personal information from unauthorised access after a data breach in September last year.

The class action, on behalf of the 10 million current and former customers of the telco who had personal data compromised in a cyber attack, accuses the company of breaching privacy, telecommunication and consumer laws as well as internal policies.

Slater and Gordon is seeking compensation on behalf of class action members for losses the data breach caused, including time and money spent replacing identity documents in addition to other measures to protect their privacy.

The firm is also seeking damages for non-economic losses such as distress, frustration and disappointment.

Announced on 22 September last year, the telco revealed information including customer names, dates of birth, phone numbers and email addresses were accessed by an unknown number of unauthorised persons.

For a subset of customers, their addresses, ID document numbers such as drivers license, Medicare cards and/or passport numbers were also compromised.

Further, about 10,000 people had their data subsequently published online when ransom demands were made.

Slater and Gordon class actions practice group leader Ben Hardwick described what occurred as “an extremely serious privacy breach both in terms of the number of people affected and the nature of the information that was compromised”.

“Very real risks were created by the disclosure of this private information that Optus customers had every right to believe was securely protected by their telecommunications and internet provider,” Hardwick said.

“The type of information made accessible put affected customers at a higher risk of being scammed and having their identities stolen, and Optus should have had adequate measures in place to prevent that.

“Concerningly, the data breach has also potentially jeopardised the safety of a large number of particularly vulnerable groups of Optus customers, such as victims of domestic violence, stalking and other crimes, as well as those working in frontline occupations including the defence force and policing.”

Specifically, Slater and Gordon alleges Optus failed to protect or take reasonable steps to protect customers’ personal information from unauthorised access or disclosure, failed to destroy or de-identify former customers’ personal information and failed to ensure that only those who had a legitimate reason for having access to customers’ personal information could access it.

So far, more than 100,000 current and former customers have registered for the class action, including a domestic violence victim who spent money that was intended for counselling for her children on increasing security measures around her house, including installing video cameras and extra locks on doors and windows.

Other class action members include a former customer who had previously been burgled and had his identity stolen and now suffers from ‘severe anxiety’ after learning his information had been shared online, as well as a stalking victim who fears her life has genuinely been put in danger by the breach.

The lead applicant said he had been left feeling ‘vulnerable, exposed and worried’ after learning his personal information had been compromised.

“Not knowing what still might happen as a result of having my information accessed and by whom haunts me,” the anonymous Victorian man said.

“I had to make a lot of calls and do a lot of running around in the aftermath of this breach to make sure my bank account and other accounts hadn’t been compromised, and I noticed I was being targeted by phishing and other scams a lot more frequently.

“It feels like only a matter of time before I get scammed or defrauded, which is a constant worry that I didn’t have before I was let down by Optus. I would have thought that as big a company as Optus is, there would have much better data security in place than what it turns out they had, which is pretty concerning.”

Hardwick said many affected customers had expressed frustration about Optus’ delays in providing detailed information about the privacy breach.

“Some registrants have told us they were fobbed off when they sought information from Optus about exactly what data had been exposed, and others have informed us that Optus refused to pay for credit monitoring services on the basis they were no longer Optus customers,” Hardwick said.

“There appears to have been a piecemeal response from Optus, rather than a coordinated approach that made sure everyone whose data was compromised is treated the same.

“Any suggestion that affected customers have not suffered as a result of this data breach is like rubbing salt into the wounds of those who have lived it and are continuing to deal with the fallout.”

Optus is yet to comment on Slater and Gordon’s class action.

The lawsuit is the latest class action launched against a company for failures in protecting customer data, and comes after private health insurer Medibank (ASX: MPL) was hit with three separate actions relating to a security breach last year that led to the theft of personal data from 9.7 million customers.

This includes the most recent class action from US-based Quinn Emanuel Urquhart & Sullivan which alleges the insured breached its disclosure obligations by not disclosing to the market the alleged deficiencies in its cyber security systems.

Baker McKenzie also launched a class action against Medibank earlier this year, while Maurice Blackburn Lawyers, Bannister Law Class Actions and Centennial Lawyers entered into a joint cooperation agreement to run a lawsuit on behalf of the insurer’s affected customers at the beginning of 2023.

The news also comes after Gordon Legal and Hayden Stephens and Associates joined forces to investigate a potential class action against personal loans company Latitude Financial (ASX: LFS) following a recent data breach that saw approximately 7.9 million Australian and New Zealand drivers licence numbers stolen.

Enjoyed this article?

Don't miss out on the knowledge and insights to be gained from our daily news and features.

Subscribe today to unlock unlimited access to in-depth business coverage, expert analysis, and exclusive content across all devices.

Support independent journalism and stay informed with stories that matter to you.

Subscribe now and get 50% off your first year!

Four time-saving tips for automating your investment portfolio
Partner Content
In today's fast-paced investment landscape, time is a valuable commodity. Fortunately, w...

Related Stories

Gordon Legal and Hayden Stephens and Associates team up to investigate Latitude legal action

Gordon Legal and Hayden Stephens and Associates team up to investigate Latitude legal action

Two Australian law firms have joined forces to investigate the poss...

Bannister, Centennial investigate class action against Medibank over data hack

Bannister, Centennial investigate class action against Medibank over data hack

Update (14 November): Since this story was published, another law f...

Maurice Blackburn launches legal probe into Medibank cyberattack

Maurice Blackburn launches legal probe into Medibank cyberattack

National law firm Maurice Blackburn is spearheading the second lega...

APRA intensifies scrutiny of Medibank after major cyberattack

APRA intensifies scrutiny of Medibank after major cyberattack

The Australian Prudential Regulation Authority (APRA) has intensifi...