A class action could be launched against Optus after private information about millions of customers was accessed in a cyber attack.
Subscribe now for unlimited access.
or signup to continue reading
The telco publicly revealed the attack on September 22 and said it could impact 9.8 million customers. The incident is now under investigation by Australian Federal Police.
Slater and Gordon is investigating a potential class action against Optus on behalf of current and former customers who have been affected.
Class actions senior associate Ben Zocco said while the circumstances that led to the breach, and the scope of customer data unlawfully obtained were yet to be confirmed by Optus, the consequences could potentially be significant for some customers.
"This is potentially the most serious privacy breach in Australian history, both in terms of the number of affected people and the nature of the information disclosed," he said.
Mr Zocco said the data breach was particularly concerning for vulnerable members of society, including domestic violence survivors, victims of stalking and other threatening behaviour and people who are seeking or have previously sought asylum in Australia.
He said given the type of information that has been disclosed, people can't simply heed Optus' advice to be on the lookout for scam emails and text messages.
This information alone would go a long way in allowing a criminal to steal an affected customer's identity.
- Slater and Gordon class actions senior associate Ben Zocco
"Very real risks are created by the disclosure of their personally identifiable information," he said.
"The fact that some customers appear to have had identification information such as drivers' licence and passport numbers disclosed is extremely concerning. This information alone would go a long way in allowing a criminal to steal an affected customer's identity."
IN OTHER NEWS
On Monday Home Affairs Minister Clare O'Neil addressed the Optus data breach during parliamentary Question Time and delivered a scathing attack on the telco.
"Responsibility for this security breach rests with Optus," she said.
"The breach is of a nature that we should not expect to see in a large telecommunications provider in this country."
What has Optus done since the cyber attack?
Optus has now sent email or SMS messages to all customers whose ID document numbers, such as licence or passport number, were compromised because of the cyberattack, Optus said on Monday.
"We continue to reach out to customers who have had other details, such as their email address, illegally accessed," the company said in a statement.
The most-affected current and former customers will be offered a free 12-month subscription to Equifax Protect.
"Equifax Protect is a credit monitoring and identity protection service that can help reduce the risk of identity theft," Optus said in a statement.
Equifax Protect is a credit monitoring and identity protection service that can help reduce the risk of identity theft.
- Optus
These customers will be contacted by Optus in coming days.
"No communications from Optus relating to this incident will include any links as we recognise there are criminals who will be using this incident to conduct phishing scams," the telco said.
Optus said no passwords or financial details have been compromised.
What information has been compromised?
Customers' names, dates of birth, phone numbers, email addresses, driver's licence numbers, passport numbers or addresses could have been accessed in the attack, Optus confirmed.
Scamwatch issued an immediate alert to Optus customers.
If you are or were an Optus customer who may have been affected and wish to register your interest in Slater and Gordon's investigation, or for further information, visit www.slatergordon.com.au/optus.