More than 100,000 Optus customers have launched legal action against the telco in the wake of a cyberattack, alleging the company failed to protect their personal information.
The class-action was filed in the Federal Court by law firm Slater and Gordon on Friday, who claim the breach created “very real risks” to Optus‘ current and past customers.
“The type of information made accessible put affected customers at a higher risk of being scammed and having their identities stolen, and Optus should have had adequate measures in place to prevent that,” class actions practice group leader Ben Hardwick said.
“Concerningly, the data breach has also potentially jeopardised the safety of a large number of particularly vulnerable groups of Optus customers, such as victims of domestic violence, stalking and other crimes, as well as those working in frontline occupations including the defence force and policing.”
In a statement of claim, the lawsuit alleges Optus failed to protect customers personal information from unauthorised access, failed to destroy former customers’ information, and failed to ensure it could only be accessed for legitimate reasons.
The lawsuit seeks compensation for the time and money spent replacing documents and protecting privacy, alongside damages for distress, frustration and disappointment.
The lead applicant, who does not wished to be named out of fear of being targeted, said the September 22, 2022, breach left him feeling “vulnerable, exposed and worried”.
“Not knowing what still might happen as a result of having my information accessed and by whom haunts me,” he said.
“It feels like only a matter of time before I get scammed or defrauded, which is a constant worry that I didn’t have before.”
Kate, a domestic violence survivor whose name has been changed, said she had spent almost every day since anxious her details would fall into the wrong hands.
“The release of this data has potentially breached the safety of me and my children,” she said.
“I would just like Optus to acknowledge it is more than an inconvenience, it has affected so many people so deeply.
“It’s just consistent and ongoing and we always have to be aware and vigilant.”
Mr Hardwick said Optus’ approach to the hack appeared “piecemeal”, alleging some affected had been refused assistance because they were no longer customers.
“Any suggestion that affected customers have not suffered as a result of this data breach is like rubbing salt into the wounds of those who have lived it and are continuing to deal with the fallout,” he said.
An Optus spokesperson said they were aware of the class action and would challenge the lawsuit.
“Slater and Gordon has advised Optus that it has filed a class action with the Federal Court in relation to the criminal cyber-attack undertaken against Optus,” the spokesperson said.
“As indicated previously, Optus will vigorously defend any such proceedings.”
Personal information of approximately 9.8 million customers were affected, Optus announced after the incident, including about 10,000 customers whose data was exposed online.
The following month the company announced it had commissioned Deloitte to conduct an independent review of the attack and it’s security systems.
Chief executive Kelly Bayer Rosmarin said the company was “determined to find out what went wrong”.
“We’re deeply sorry that this has happened and we recognise the significant concern it has caused many people,” she said.