ACMA Takes Legal Action Following 2022 Optus Data Breach


Australian telco Optus faces a legal battle with the country’s communications and media watchdog over the 2022 data breach.

The Optus data breach resulted in the theft of the personal information of over 10 million current and former customers, about 40% of the population.

The Australian Communications and Media Authority (ACMA) has taken action against the country’s second-largest telecommunications company, alleging negligence in safeguarding customer data as mandated by the Telecommunications (Interception and Access) Act 1979 (Cth).

Parent Company Singtel Faces Legal Action Following the Optus Data Breach

The Cyber Express has reached out to Optus to learn more about this legal action by the Australian Communications and Media Authority (ACMA). In response, an Optus spokesperson stated that they are aware of the proceedings in the Federal Court of Australia in relation to the cyberattack in September 2022.

“At this stage, Optus Mobile is not able to determine the quantum of penalties, if any, that could arise. Optus has previously apologised to its customers and has taken significant steps, including working with the police and other authorities, to protect them. It also reimbursed customers for the cost of replacing identity documents. Optus intends to defend these proceedings. As the matter is now before the courts, Optus is unable to make any further comment,” the Optus spokesperson said.

In the Optus cyberattack, which occurred between September 17 and 20, 2022, hackers breached Optus’s security measures, gaining unauthorized access to sensitive customer information. ACMA’s move to file Federal Court proceedings marks a significant step in holding Optus accountable for the breach, highlighting the regulatory emphasis on data protection and privacy.

“The ACMA has filed proceedings in the Federal Court against Optus Mobile Pty Ltd (Optus). We allege that during a data breach that occurred between 17 to 20 September 2022, Optus failed to protect the confidentiality of its customers’ personal information from unauthorized interference or unauthorized access as required under the Telecommunications (Interception and Access) Act 1979 (Cth),” ACMA’s statement read.

Optus, owned by Singaporean company Singtel, has expressed its intention to defend itself against the allegations while acknowledging the severity of the incident. “At this stage, Optus Mobile is not able to determine the quantum of penalties, if any, that could arise,” a spokesperson told local media.

The company has previously issued apologies to affected customers and taken proactive measures, including collaboration with law enforcement agencies, to mitigate further risks. Moreover, Optus has reimbursed customers for expenses incurred in replacing compromised identity documents, reflecting its commitment to addressing the aftermath of the breach.

Optus on the Road to Recovery but Legal Headache Ensues

Following the cyberattack, Optus disclosed that approximately 2.1 million Australians had their identification numbers compromised, including details from driver’s licenses and passports. Additionally, around 10,000 customers had their information exposed on the dark web, exacerbating concerns regarding the extent of the breach’s impact on individuals’ privacy and security.

Financially, the repercussions of the cyberattack have been substantial for Optus and its parent company, Singtel. The latter reported cyberattack-related costs amounting to 142 million Singapore dollars ($159 million) for the fiscal year ending March 31, 2023. These costs encompass various expenses, including regulatory investigations and potential litigation.

Despite the challenges it faced after the cyberattack, the telecommunications company reported stable earnings and mobile growth in FY24. Optus added 116,000 subscribers to its mobile customer base, including growth of 108,000 prepaid customers.

Interim CEO and CFO Michael Venter said the results demonstrated a solid performance in a difficult environment, as Optus remained focussed on enhancing customer experience.

“Optus is working hard to rebuild the trust of customers after a challenging 18 months and these results demonstrate we are on the right track,” Venter said. “We’re listening to our customers and in the year ahead we’ll be continuing to prioritise what we know is important to them – a resilient network that delivers seamless connectivity, great value products and services, and simple, efficient customer service.”

This strong performance, however, does not lessen the legal woes for Optus. Legal proceedings have further intensified with the commencement of class action proceedings by law firm Slater and Gordon on behalf of affected individuals. The lawsuit alleges Optus’s violation of privacy, telecommunication, and consumer laws, signaling a broader legal battle over accountability and corporate responsibility in safeguarding customer data.

In response to escalating cyber threats, the Australian government has ramped up investments in cybersecurity initiatives, imposing stricter penalties for companies failing to address privacy breaches adequately. The Office of the Australian Information Commissioner (OAIC) has been empowered with enhanced authority to expedite breach resolutions and notify affected individuals promptly, signaling a concerted effort to enhance data protection measures nationwide.
