Unknown funder backs Australian data breach claim

An unnamed funder is backing a new class action against Australian telecommunications company Optus in relation to a 2022 data breach.

On 22 September 2022, Optus announced that a cyberattack had compromised its systems and resulted in unlawful access to the personal information of millions of current and former customers.

At the time, Optus advised its customers that the following types of identity documents were disclosed:

  • Driver licence numbers

  • Proof of age/proof of identity documents

  • Australian and international passport details

  • Medicare card numbers

  • Invalid/incomplete ID document numbers (relating to the above listed forms of ID)

Approximately 9.8 million former and current Optus customers were affected, including approximately 10,000 customers whose details were exposed on the dark web.

Slater and Gordon filed a group proceeding (class action) in the Federal Court of Australia on 21 April 2023. The class action is brought by two lead applicants, a school teacher and a government employee, on behalf of Optus customers whose personal information was compromised in the data breach.

It is alleged that Optus failed to protect, or take reasonable steps to protect, the personal information of its current and former customers.

Accordingly, the following is alleged:

  • Optus breached its contract with Optus customers;

  • Optus breached the Australian Privacy Principles under the Privacy Act 1988 (Cth);

  • Optus breached its duty of care to Optus customers; and

  • Optus breached Australian Consumer Law.