Optus taken to court by Australian Communications and Media Authority over massive data breach in 2022

Australia’s media regulator is taking legal action against telecommunications giant Optus over a major cyber attack almost two years ago.

Optus in September 2022 was hit with a massive data breach that exposed the personal information of millions of customers including names, dates of birth, phone numbers and email addresses.

Other customers also had their addresses, ID document numbers such as driver’s licence or passport numbers exposed.

The Australian Communications and Media Authority has filed proceedings in the Federal Court, alleging that during the data breach — which occurred between September 17 to 20, 2022, — Optus failed to protect the confidentiality of its customers’ personal information.

ACMA claims the actions of Optus breached the Australian Telecommunications (Interception and Access) Act.

The hackers behind the attack had threatened to release all the data it had collected but later scrapped the $1.5 million ransom it had demanded.

An Optus spokeswoman on Thursday said it was unable to determine the proportion of penalties which may arise and would defend the proceedings.

“Optus has previously apologised to its customers and has taken significant steps, including working with the police and other authorities, to protect them,” she said.

“It also reimbursed customers for the cost of replacing identity documents.”

Optus is already facing two class action lawsuits lodged by law firms Maurice Blackburn and Slater and Gordon on behalf of the telco’s customers.

Optus’ Singaporean parent company, Singtel, has also been contacted for comment.

Australia’s second-largest telco has recently drawn public anger after an outage in November last year left more than 10 million customers without phone and internet access for up to 14 hours and sparked hundreds of complaints to the industry watchdog.

Optus’ chief executive Kelly Bayer Rosmarin resigned after the nationwide outage.

It comes as Singtel on Thursday also announced full-year net profit fell 64 per cent to $S795 million ($889.2m) as a result of $S1.47 billion loss, partially due to impairment charges.

Singtel also flagged cost savings of about $S200m at its Singaporean business and Optus.

“We have made significant improvements in our operations to reap synergies and drive innovation, the key being the consolidation of our consumer and enterprise businesses in both our Singapore and Australian companies,” Singtel group chief executive Yuen Kuan Moon said.

Meanwhile, Optus reported its full-year revenue was largely unchanged at $8.1b.

“Optus is working hard to rebuild the trust of customers after a challenging 18 months and these results demonstrate we are on the right track,” Optus interim chief executive and chief financial officer Michael Venter said of the result.

“We’re listening to our customers and in the year ahead we’ll be continuing to prioritise what we know is important to them — a resilient network that delivers seamless connectivity, great value products and services, and simple, efficient customer service.”

The telco said it added 116,000 subscribers to its mobile customer base in the year to the end of March.