A class action against Optus over a massive data breach will ask the courts to put a price on Australians’ privacy and is expected to serve as a wake-up call to the corporate world.
The telco giant is facing a suit filed by class action law firm Slater and Gordon, representing 100,000 people and accusing Optus of breaching privacy, telecommunication and consumer laws as well as the company’s internal policies.
While Optus has said no customers fell victim to financial loss or crime as a result of the hack, the law firm argues privacy is essentially priceless, and “time is money” after people were forced to take multiple steps to protect themselves after their information was stolen.
The hack has also caused many customers anxiety and distress, Slater and Gordon class actions practice group leader Ben Hardwick said.
“This will be a wake-up call for corporate Australia that … when we entrust it with our driver’s licence, with our passport, with our private information, it has an obligation to protect that information and to delete that information when it’s no longer required to be kept,” Mr Hardwick said.
“We will be seeking a substantial sum of compensation in these proceedings.
“We will be asking the court to make a determination about what is the value of Australians’ privacy.”
Some 100,000 people contacted Slater and Gordon about the class action, making it the largest ever response received by the firm, Mr Hardwick said.
The Singapore-owned telco breached its duty of care to ensure customers did not suffer harm arising from the unauthorised access or disclosure of their personal information, did not take reasonable steps to protect customer information and failed to destroy or de-identify former customers’ personal information, the lawsuit alleges.
“Optus really should have had better systems in place to lock down the information of everyday Australians,” Mr Hardwick said.
Almost 10 million Optus customers had their personal information stolen during last year’s breach, including passport, licence and Medicare details.
The leak put customers at a higher risk of scams and having their identities stolen, Mr Hardwick said. It also potentially jeopardised “vulnerable” customers’ safety.
Among the 100,000 people who registered for the class action was a domestic violence victim who spent money intended for counselling for her children on increasing security around the house, and a retired police officer concerned his home address may have been shared with criminals he’d put away.
“The release of this data has potentially breached the safety of me and my children,” one customer said.
“I’ve spent every day basically anxious, just wondering if my details were going to fall into the wrong hands.”
The lead applicant, whose identity is being kept secret, added: “It feels like only a matter of time before I get scammed or defrauded, which is a constant worry that I didn’t have before I was let down by Optus.”
Victims of burglary, stalking and scam calls also signed up after being concerned about their security.
About 20 terabytes of data were improperly accessed including current and former customers’ names, dates of birth, phone numbers and email addresses
A subset of the 9.8 million affected customers also had their addresses and identity document numbers compromised.
The data breach was the first of a wave of leaks and hacks in September and October that hit major Australian corporations including Medibank Private, EnergyAustralia and Woolworths.
Optus on Friday confirmed it had been advised about the filing of the class action.
“As indicated previously, Optus will vigorously defend any such proceedings,” a spokesman said.
The breach is being investigated by the Office of the Australian Information Commissioner, Australia’s telecommunications watchdog and other agencies.
Australia’s class action regime is opt-out, meaning Optus customers do not need to register to be part of the lawsuit.
– AAP