Optus data breach: Millions of Australians may be able to claim compensation after cyber attack


Kylie Carson, a special counsel specialising in general compensation at Shine Lawyers, said if an Optus customer had a financial loss as a result of the data breach, they would potentially be able to pursue a claim

The millions of Optus customers who fell victim to Australia’s biggest ever data breach could be able to claim compensation from the telco, a top lawyer says. 

It comes as the embattled telco offered the ‘most affected’ customers access to free credit checks with the company Equifax – which suffered a massive data breach of its own in 2017, with some 140million people affected.  

Up to 11 million Australians have potentially had their personal addresses, dates of birth, phone numbers, passport details and drivers licences stolen in Optus cyber attack. 

The data breach, which Optus has apologised for and is investigating, has left many wondering what they can do to protect themselves – and whether they can be financially compensated for what has occurred. 

Kylie Carson, a special counsel specialising in general compensation at Shine Lawyers, said if an Optus customer had a financial loss as a result of the data breach, they may be able to pursue a claim.

There have since been calls for the telco to provide access to credit monitoring services for those affected so they could check if there'd been any suspicious activity in their accounts (stock image)

There have since been calls for the telco to provide access to credit monitoring services for those affected so they could check if there’d been any suspicious activity in their accounts (stock image)

‘To pursue a claim, it would have to be viable and you’d have to prove that Optus didn’t do enough and didn’t put sufficient things in place to protect your data,’ she told Daily Mail Australia.

Ms Carson added something like human error would also have the potential for victims to make a claim.

‘Optus is vicariously liable for the actions of their employees,’ she said.

Ms Carson herself was the victim of the data breach.

She added Optus was providing customers with ‘more questions than answers’ and urged people to stay vigilant.

‘Everyone should be a bit cautious about the messages and texts they get sent, if it looks suspicious it probably is,’ Ms Carson added.

Optus on Monday announced the ‘most affected’ customers would be given a 12-month subscription to credit monitoring and identity protection service Equifax Protect. 

‘The most affected customers will be receiving direct communications from Optus over the coming days on how to start their subscription at no cost,’ the company said. 

Equifax suffered its own massive data breach in 2017, with 147 million people in the United States affected. The data that was leaked included names, addresses, dates of birth, Social Security numbers and credit card numbers.

The breach was announced six weeks after it was discovered and led to a $425million settlement with the Federal Trade Commission, the Consumer Financial Protection Bureau, and 50 U.S. states and territories to help those affected.

Meanwhile a mysterious hacker claiming to be behind the breach has since demanded Optus hand over $1.5million in ransom money in the form of cryptocurrency Monero, or they will publish the data

Meanwhile a mysterious hacker claiming to be behind the breach has since demanded Optus hand over $1.5million in ransom money in the form of cryptocurrency Monero, or they will publish the data

Australian law firm Slater and Gordon on Monday said they were investigating a possible class action against Optus.

The firm’s senior associate Ben Zocco said they were assessing possible legal options for those caught in the cyber attack.

‘This is potentially the most serious privacy breach in Australian history, both in terms of the number of affected people and the nature of the information disclosed,’ Mr Zocco said.

‘We consider that the consequences could be particularly serious for vulnerable members of society, such as domestic violence survivors, victims of stalking and other threatening behaviour, and people who are seeking or have previously sought asylum in Australia.

‘Given the type of information that has been reportedly disclosed, these people can’t simply heed Optus’ advice to be on the look-out for scam emails and text messages.’ 

Sydney-based solicitor Jahan Kalantar said he’d already been inundated with Optus customers seeking legal advice about the breach.

Pictured is an email sent to one Optus customer informing them their data had been breached

Pictured is an email sent to one Optus customer informing them their data had been breached

‘People will be no doubt making various complaints to the Information and Privacy Commission NSW,’ he said.

‘And there’ll be no doubt furious scrutiny on Optus to how this has happened.’

He said those who subscribe to the telco should do everything they can to minimise the exposure like changing their passwords, and making detailed records of the conversations they have with Optus since the breach has happened.

Meanwhile a mysterious hacker claiming to be behind the breach has since demanded Optus hand over $1.5million in ransom money in the form of cryptocurrency Monero, or they will publish the data.

On Saturday morning the ransom demand, which tech experts believe is legitimate, appeared on an online forum with the hackers warning the telco it had one week to respond. 

‘Optus if you are reading! price for us to not sale data is 1.000.000$US We give you 1 week to decide,’ part of the message read. 

On Friday morning, CEO Kelly Bayer Rosmarin made an emotional apology to the millions of Optus customers whose details had been compromised. 

She confirmed payment details and account passwords were protected but admitted she felt ‘terrible’ the breach had happened under her watch. 

‘I think it’s a mix of a lot of different emotions,’ she said.

‘Obviously I am angry that there are people out there that want to do this to our customers, I’m disappointed we couldn’t have prevented it.

‘I’m very sorry and apologetic. It should not have happened.’ 

Read more at DailyMail.co.uk