A leading law firm has launched class action against Optus on behalf of current and former customers whose personal information was compromised in the September data breach.

Slater and Gordon’s statement of claim, lodged in the Federal Court, accuses the company of breaching privacy, telecommunication and consumer laws as well as its internal policies by:

• Failing to protect or take reasonable steps to protect customers’ personal information from unauthorised access or disclosure;
• Failing to destroy or de-identify former customers’ personal information; and
• Failing to ensure that only those who had a legitimate reason for having access to customers’ personal information could access it.

Optus has also been accused of breaching contractual obligations to customers along with its duty of care to ensure they did not suffer harm arising from the unauthorised access or disclosure of their personal information.

It is understood group members, comprising many people in the Hunter, are seeking compensation for losses the data breach caused, including time and money spent replacing identity documents in addition to other measures to protect their privacy and prevent the increased likelihood of them falling victim to scams and identity theft.

They’re also seeking damages for non-economic losses such as distress, frustration and disappointment.

Optus announced on 22 September that the personal information of up to 10 million of its current and former customers had been compromised in a cyberattack.

The telco revealed information including customer names, dates of birth, phone numbers and email addresses were accessed by, and/or disclosed to, an unknown number of unauthorised persons.

For a subset of customers, their addresses, ID document numbers such as driver’s licence, Medicare cards and/or passport numbers had also been compromised.

The personal information of more than 10,000 customers was subsequently published online when ransom demands were made.

Slater and Gordon class actions practice group leader Ben Hardwick described what occurred as “an extremely serious privacy breach both in terms of the number of people affected and the nature of the information that was compromised”.

“Very real risks were created by the disclosure of this private information that Optus customers had every right to believe was securely protected by their telecommunications and internet provider,” he explained.

“The type of information made accessible put affected customers at a higher risk of being scammed and having their identities stolen.

“Optus should have had adequate measures in place to prevent that.

“Concerningly, the data breach has also potentially jeopardised the safety of a large number of particularly vulnerable groups of Optus customers, such as victims of domestic violence, stalking and other crimes, as well as those working in frontline occupations including the defence force and policing.”

He said more than 100,000 of Optus’s current and former customers had so far registered for the class action.

Among that group were:

• A domestic violence victim who spent money that was intended for counselling for her children on increasing security measures around the house, including installing video cameras and extra locks on doors and windows;
• A former Optus customer who had previously been burgled and had his identity stolen who now suffers severe anxiety after learning his personal information had been shared online;
• A stalking victim who takes extreme measure to maintain her privacy, especially her address, who fears her life has genuinely been put in danger by the data breach;
• A woman who is now too fearful to answer the telephone after noticing an increase in scam phone calls following the Optus cyberattack; and
• A retired police officer concerned that his home address may have been shared with criminals he was involved in the prosecution and incarceration of.

Mr Hardwick said many of the affected customers had expressed frustration about Optus’s delays in providing detailed information about the privacy breach, and inconsistencies with how the telco was treating one affected customer to the next.

“Some registrants have told us they were fobbed off when they sought information from Optus about exactly what data had been exposed, and others have informed us that Optus refused to pay for credit monitoring services on the basis they were no longer Optus customers,” he added.

“There appears to have been a piecemeal response from Optus, rather than a coordinated approach that made sure everyone whose data was compromised is treated the same.

“Any suggestion that affected customers have not suffered as a result of this data breach is like rubbing salt into the wounds of those who have lived it and are continuing to deal with the fallout.”

For more information about the class action, visit: https://www.slatergordon.com.au/class-actions/current-class-actions/optus-data-breach

For more news stories:

• PRIME hydration drinks’ hype running dry at NSW schools
• Going, going, gone – East End demolition accelerates
• Hunter drivers urged to be cautious over Anzac Day weekend

Get all the latest Newcastle news, sport, real estate, entertainment, lifestyle and more delivered straight to your inbox with the Newcastle Weekly Daily Newsletter. Sign up here.