Optus has lost its bid to appeal an earlier Federal Court decision granting access to portions of a forensic review of its 2022 data breach to a law firm as part of a class action lawsuit.
The finding that the forensic report is not protected by legal privilege is a win for Slater and Gordon in the case it launched on behalf of more than 10,000 clients whose personal information was compromised.
The law firm is seeking to demonstrate that negligence contributed to the exfiltration of customer data and may cite the report’s findings based on the extent to which they substantiate assertions.
Although the report, which was prepared by Deloitte, will not be made public, portions will likely be released as the case progresses.
The Australian Financial Review reported that that while Optus accepts the judgment, it is “considering seeking confidentiality orders relating to elements of the report that we believe are key to the ongoing protection of our customer data and our systems from cyber criminals.”
The case hinged on the reasons that the Deloitte review was commissioned, and whether it was for legal advice purposes alone or for other reasons as well.
An October 2022 media release stated that the review would also “help ensure [Optus] understands how [the data breach] occurred and how we can prevent it from occurring again.
“It will help inform the response to the incident for Optus. This may also help others in the private and public sector where sensitive data is held and risk of cyber attack exists,” the media release stated.