Australian Information Commissioner Files Lawsuit Against Optus Over 2022 Data Breach

The Office of the Australian Information Commissioner (OAIC) has initiated civil penalty action in the Federal Court against Singtel Optus Pty Limited and Optus Systems Pty Limited. This action stems from allegations that Optus failed to adequately protect the personal information of its customers during the significant 2022 data breach. The OAIC claims that between 17 October 2019 and 20 September 2022, Optus “seriously interfered with the privacy of approximately 9.5 million Australians.” The OAIC believes that Optus did not effectively manage its cyber risk, particularly given the extensive and sensitive nature of the data it held.

Australian Information Commissioner Elizabeth Tydd stated that the commencement of these proceedings underscores the OAIC’s commitment to uphold the rights of the Australian community. She emphasised that organisations are entrusted with personal information under legal obligations and that the community should have confidence in their compliance. The Optus data breach, which occurred in September 2022, resulted in the compromise of a vast array of customer data, including passport and driver’s licence details, Medicare numbers, and birth certificates. This incident highlights the risks associated with external-facing websites and domains, reinforcing the need for robust cybersecurity measures. 

Categories: Data Breach, Privacy Protection, Cybersecurity Compliance 

Tags: OAIC, Civil Penalty, Federal Court, Optus, Data Breach, Privacy, Customers, Cyber Risk, Information, Regulations