Slater and Gordon, a leading class action law firm, has taken legal action against Optus for a data breach that exposed the personal information of up to 10 million current and former customers in September 2022.
The class action accuses Optus of breaching privacy, telecommunication, and consumer laws, as well as the company’s internal policies. Slater and Gordon assert that Optus failed to protect or take reasonable steps to protect its customers’ data, failed to destroy or de-identify former customers’ personal information and failed to ensure that access to data was strictly limited.
The allegation is that Optus failed to fulfil its contractual obligations and duty of care to protect customers from harm arising from unauthorised access and disclosure of their personal information. Slater and Gordan argue that this harm was reasonably foreseeable if customer data was compromised.
Slater and Gordon Class Actions Practice Group Leader Ben Hardwick said that this was “an extremely serious privacy breach both in terms of the number of people affected and the nature of the information that was compromised”. He added, “Optus should have had adequate measures in place to prevent that”.
“Very real risks were created by the disclosure of this private information that Optus customers had every right to believe was securely protected by their telecommunications and internet provider,” said Hardwick.
“Concerningly, the data breach has also potentially jeopardised the safety of a large number of particularly vulnerable groups of Optus customers, such as victims of domestic violence, stalking and other crimes, as well as those working in frontline occupations including the defence force and policing,” he said.
More than 100,000 current and former Optus customers have registered for the class action already, seeking compensation for losses caused by the data breach, including the time and money spent replacing identity documents, measures to protect their privacy, and damages for non-economic loss such as distress, frustration, and disappointment.
The lead applicant, a Victorian man who wishes to remain anonymous due to privacy concerns, said that he had been left feeling “vulnerable, exposed, and worried” after learning his personal information had been compromised.
“It feels like only a matter of time before I get scammed or defrauded, which is a constant worry that I didn’t have before I was let down by Optus,” he said.
It feels like only a matter of time before I get scammed or defrauded, which is a constant worry that I didn’t have before I was let down by Optus.
Lead applicant from Victoria
“It feels like only a matter of time before I get scammed or defrauded, which is a constant worry that I didn’t have before I was let down by Optus,” said the Victorian applicant.
“I would have thought that as big a company as Optus is, there would have much better data security in place than what it turns out they had, which is pretty concerning,” he said.
Another lead applicant, a woman from Queensland who also chose to remain anonymous, is one of the many thousands of affected Optus customers whose ID documents had to be replaced.
“It was incredibly stressful trying to get answers from Optus about what information had been exposed and then taking action to rectify the damage so I could try to stop anything else from happening,” said the Queensland applicant.
“I spent a lot of time changing passwords to all of my accounts, have been constantly checking that money hasn’t been stolen, and making sure I’ve done everything I can to protect myself,” she said.
“One of the worst aspects of all this was the fact that I had no control over what had happened, so it’s been pretty overwhelming.”