One of Australia’s largest consumer law firms is considering a class action against Optus after data belonging to millions of its customers was compromised.
Optus on Thursday revealed a cyberattack had resulted in the disclosure of personal data from as many as 9.8 million current and former customers, including driver’s licences and passport numbers for a “subset of customers”.
While the full extent of the breach is yet to be confirmed, Home Affairs minister Claire O’Neil has announced it will lead to “substantial reform” and sheeted home blame to Optus.
“Responsibility for the security breach rests with Optus and I want to note that the breach is of a nature that we should not expect to see in a large telecommunications provider in this country,” she told parliament.
The government’s response to a data breach shaping as the largest in Australia’s history will begin with ensuring banks were informed much faster when consumer data is compromised. But the changes could be much more significant given pending reforms to privacy laws.
The Opposition has also put its ransomware bill for tougher penalties back on the table this week, reintroducing it Monday after it had lapsed with the last Parliament.
Privacy and digital rights advocates want the Optus incident to bring on more substantial reforms, like tougher penalties for failures and a direct right to action for individuals, arguing there is little reason for Optus to be storing such sensitive customer information.
Optus customers now face “very real risks” from the disclosure of their personal information, according to legal firm Slater and Gordon, which on Monday announced it is investigating a possible class action against the telco on behalf of its current and former customers.
“This is potentially the most serious privacy breach in Australian history, both in terms of the number of affected people and the nature of the information disclosed,” Slater and Gordon class actions senior associate Ben Zocco said.
“We consider that the consequences could be particularly serious for vulnerable members of society, such as domestic violence survivors, victims of stalking and other threatening behaviour, and people who are seeking or have previously sought asylum in Australia.”
The consumer law firm, which ran a class action against the Australian Government on behalf of asylum seekers whose data was exposed by the Department of Home Affairs, is now encouraging affected Optus customers to register their interest.
Ms O’Neil said Optus needs to support the millions of customers impacted by the breach, calling on the company to offer free fraud-monitoring services.
“One way they can do this is providing free credit monitoring to impacted customers,” she said.
“This will help protect those customers against identity theft and I call on Optus to make that commitment today.”
Shortly afterwards, Optus released a statement saying its “most affected” current and former customers will be offered a one-year credit monitoring and fraud protection service from Equifax Protect at no cost.
Do you know more? Contact James Riley via Email.