Major Australian telco Optus could face tens of millions of dollars in fines after the Australian Information Commissioner (AIC) commenced legal action against it in the Federal Court.
The data breach occurred after a 2022 cyberattack, which involved unauthorised access to the personal information of millions of current, former and prospective customers of Optus, and the subsequent release of some of this information on the dark web.
The leaked information included names, dates of birth, phone numbers and passport numbers.
The AIC alleges that from on or around 17 October 2019 to 20 September 2022, Optus seriously interfered with the privacy of approximately 9.5 million Australians by failing to take reasonable steps to protect their personal information from misuse.
“Organisations hold personal information within legal requirements and based upon trust,” AIC Elizabeth Tydd said.
“The Australian community should have confidence that organisations will act accordingly, and if they don’t the OAIC as regulator will act to secure those rights.”
Optus may now face heavy fines: the Federal Court can impose a civil penalty of up to $2.22 million for every breach, and the AIC alleges 9.5 million breaches.
A spokesperson for Optus told 9News.com.au the company was reviewing and considering the matter and would respond to the claims made by the AIC.
“Optus apologises again to our customers and the broader community that the 2022 cyber-attack occurred,” they said.
“We strive every day to protect our customers’ information and have been working hard to minimise any impact the cyber-attack may have had.
“As the matter is now before the Australian Courts, Optus will not be commenting further at this time.”