With the Optus data breach exposing millions of current and former customers to identity theft, law firms were circling for what many were remarking could end up being the biggest class action case in Australian legal history.
Today, law firm Slater and Gordon announced it was commencing a class action against Optus over the data breach.
On September 22, Optus disclosed it had fallen victim to a cyber attack. In the months since, we learned that information exposed in the data breach included customers’ names, dates of birth, phone numbers, email addresses, and, for a subset of customers, addresses, ID document numbers such as driver’s licence or passport numbers. The breach directly affected tens of thousands of Australians, and potentially exposed many more.
Slater and Gordon has issued proceedings against Optus on behalf of current and former customers whose personal information was compromised as a result.
Per a statement from the law firm, the statement of claim, which has been lodged in the Federal Court, accuses Optus of breaching privacy, telecommunication and consumer laws, as well as the company’s internal policies. The claim alleges Optus did this by failing to protect or take reasonable steps to protect customers’ personal information from unauthorised access or disclosure; failing to destroy or de-identify former customers’ personal information; and failing to ensure that only those who had a legitimate reason for having access to customers’ personal information could access it.
The law firm has also accused Optus in the class action of breaching contractual obligations to customers along with its duty of care to ensure customers did not suffer harm arising from the unauthorised access or disclosure of their personal information.
“It is claimed such harm was reasonably foreseeable if customer data was compromised,” Slater and Gordon said.
Per the claim, class action group members are seeking compensation for losses the data breach caused, including time and money spent replacing identity documents in addition to other measures to protect their privacy and prevent the increased likelihood of them falling victim to scams and identity theft.
“They are also seeking damages for non-economic losses such as distress, frustration and disappointment,” Slater and Gordon added, with the firm’s class actions practice group leader Ben Hardwick describing what occurred as “an extremely serious privacy breach both in terms of the number of people affected and the nature of the information that was compromised”.
“Very real risks were created by the disclosure of this private information that Optus customers had every right to believe was securely protected by their telecommunications and internet provider,” Hardwick said.
It’s understood that more than 100,000 of Optus’s current and former customers have so far registered for the class action. For more information, visit Slater and Gordon’s website.
This article has been updated since it was first published.