AIC Takes Optus to Court Over Massive Data Breach

The Australian Information Commissioner (AIC) has launched legal action against the telco in the Federal Court over the massive 2022 cyberattack that exposed the personal details of millions of customers.

The hack saw unauthorised access to sensitive information — including names, dates of birth, phone numbers, and even passport numbers — for current, former, and even prospective Optus customers. Some of that data later ended up on the dark web.

According to the AIC, from October 2019 to September 2022, Optus failed to take reasonable steps to protect the personal information of around 9.5 million Australians.

“Organisations hold personal information within legal requirements and based upon trust,” said AIC Elizabeth Tydd. “If they don’t act accordingly, we will step in to secure those rights.”

The potential penalties are eye-watering — the Federal Court can issue fines of up to $2.22 million per breach, and with 9.5 million alleged breaches, the total could reach into the tens of millions.

Optus says it’s reviewing the claims.

“Optus apologises again to our customers and the broader community that the 2022 cyberattack occurred,” a spokesperson said. “We strive every day to protect our customers’ information and have been working hard to minimise any impact.”

With the case now before the courts, the company isn’t making further public comment — but this legal battle is set to be one of the biggest privacy cases Australia’s ever seen.

Stay tuned with Aus News Lanka – the leading platform for news for Australians.