Optus to answer privacy court case stemming from 2022 data breach

Optus is set to face a privacy lawsuit stemming from its 2022 data breach, with Federal Court proceedings filed by the Australian Information Commissioner.

The commissioner alleges Optus “failed to adequately manage cyber security and information security risk in a manner commensurate” to data volume, the telco’s size and its risk profile.

An Optus spokesperson said the telco “will review and consider the matters raised in the proceedings and will respond to the claims made by the AIC in due course.”

“As the matter is now before the Australian courts, Optus will not be commenting further at this time.”

An attacker allegedly abused an unauthenticated, internet-facing API to access and steal personal information of up to 10 million current and former Optus customers.

The telco is already facing separate court action filed by the Australian Communications and Media Authority (ACMA), as well as a class action lawsuit.

It must now answer a privacy case as well.

Australian information commissioner Elizabeth Tydd said in a statement that the case against Optus showed “the OAIC will take the action necessary to uphold the rights of the Australian community.”

“Organisations hold personal information within legal requirements and based upon trust,” Tydd said.

“The Australian community should have confidence that organisations will act accordingly, and if they don’t, the OAIC as regulator will act to secure those rights.”