About 160,000 members join the Optus data breach class action
December 11, 2024 |
The Australian reports in Class action against Optus after 2022 data breach registers 160,000 members that about 160,000 members have joined in the class action against Optus resulting from the 2022 data breach. This report is based on submissions made at a case management hearing before Justice Beach today.
The class action is brought in proceeding PETER JULIAN ROBERTSON & ANOR v SINGTEL OPTUS PTY LIMITED ACN 052 833 208 & ORS (number VID256/2023).
The article provides:
About 160,000 people whose passport and Medicare numbers were leaked online after Optus was hacked in 2022 have registered to partake in a class action against the telco.
Appearing for class action behemoth Slater & Gordon, barrister William Edwards, KC, told the Federal Court on Wednesday the estimated number of members to join the action, which alleges Optus failed to protect the personal information of 9.8 million of its current and former customers whose personal data was leaked online after a cyber attack.
The court was told Optus and Slater & Gordon were still trying to settle the case by mediation, with a hearing possible if that failed.
In court, the parties argued over how much security Slater & Gordon should give Optus since it insisted on a secretive regime to keep documents exchanged in the case away from the public.
Optus announced a cyberattack breached its systems which exposed personal information of millions of current and former customers, including about 10,000 customers whose details were leaked on the dark web.
Passport numbers, driver licence numbers, identity documents and Medicare card numbers were among the sensitive pieces of information leaked online.
Optus was heavily criticised and its then chief Kelly Bayer Rosmarin quit the telco in the wake of the attack, after initially claiming the company would release the findings of a Deloitte investigation into what happened but reneging on the promise.
Slater & Gordon have now received the report, but it is still suppressed from the public.
A separate action has been filed against the telco by the Australian Communications and Media Authority, alleging a coding error introduced to Optus’ public domain meant it was not “adequately” protected.
According to a redacted amended statement of claim, seen by The Australian, Optus was allegedly aware in August 2021 of vulnerabilities to the domain but not the coding error.
According to ACMA’s pleadings, at no time between September 2018 and September 2020 did Optus identify the coding error.
It said due to the coding error, a cyber attacker was able to obtain the personal information.
“The cyber attack was not a highly sophisticated cyber attack and did not require advanced skills,” the pleading stated.
In its defence, Optus said “the cyber-attacker commenced the cyber-attack with a high degree of knowledge of Optus’ systems”.
“Optus Mobile was the target of a criminal act by the Cyber-attacker that deliberately targeted Optus’ API interface,” the defence document said.
Optus claimed the cyber attacker avoided detection alerts.
ACMA is seeking pecuniary penalties against Optus.
After a very hard fight in June 2024 Optus was ordered to hand over the cyber attack report. The Australian reported this with ‘Win for transparency’: Optus hands up 2022 cyber attack report. The issue became one of whether the report was covered by legal professional privilege or was a discoverable document. The article provides:
Optus has finally handed over to a law firm pursuing a class action against it, a hard copy of a Deloitte report into a disastrous cyber attack that affected millions of customers.
Slater and Gordon brought the action on behalf of Optus customers whose data was leaked on to the dark web as a result of the incident, and class actions practice group leader Ben Hardwick said Optus has been fighting “tooth and nail to stop this report getting out for more than a year”.
“While the Deloitte report has been provided to us on a confidential basis for the purpose of the case only, we expect that, as the matter progresses, Optus customers will discover more information about the way this telco has treated their personal information,” he said.
“This is a great win for transparency. Optus and other big tech companies are quickly learning that they can’t get away with showing disregard for our personal information.”
On Thursday, the Federal Court gave Optus 24 hours to hand over a hard copy of its Deloitte report into the 2022 cyber attack.
Justice Jonathan Beach released fresh orders in the class action matter on Thursday that required Optus to share the report with the law firm.
“Within 24 hours of the date of these orders, the respondents discover and produce to the applicants for inspection a hard copy of the report prepared for one or more of the Optus respondents by Deloitte Touche Tohmatsu (Deloitte) concerning the data breach which occurred in mid September 2022 (Deloitte report), which is to be subject to the confidentiality obligations,” Justice Beach said.
The report will be subjected to a confidentiality agreement made between Optus and Slater and Gordon. Justice Beach has ordered the parties to attempt to agree on a regimen to manage documents in the court case.
As well, documents prepared by Optus for the purpose of giving instructions to Deloitte for preparing the report will have to be identified.
Optus twice failed to have the Deloitte kept out of the court case, and two judgments ruled that Optus failed to prove the dominant purpose of the report was for legal advice.
Up to 9.5 million customers’ private and confidential information was released as a result of a cyber attack between September 17 and 20, 2022. The breach is now also the subject of two other inquiries being conducted by the Office of the Australian Information Commissioner and the Australian Communications and Media Authority.
Separately, this week it was revealed Optus would, on August 5, increase the price of some of its mobile plans for the first time in two years by about 5 per cent.
Australia’s second-largest telco said the price increase came at a time it was investing in its network to “boost capacity, speed and reliability of 4G, whilst rolling out our award-winning 5G network to even more Australians”.
hi Legal team,
i’m Jiranun Ratanapongbandith and I am seeking legal advice regarding a serious matter involving unauthorised porting of my mobile number, identity theft, and a failure in duty of care by Optus.
On 03/06/2025, my Optus mobile number was fraudulently ported out without my consent. As a result, I lost access to my phone network, and several of my bank accounts and personal online accounts were compromised, including Westpac, ANZ, Google, and Amazon.
I attempted to resolve the issue with Optus, but received no effective support, including from the Optus Doncaster store, where I was refused help and asked to leave — even though I remained calm and was clearly distressed. I have since filed complaints with the Telecommunications Industry Ombudsman (TIO) and ReportCyber.
I am seeking:
Legal advice on my rights under Australian Consumer Law and Privacy legislation
Options for pursuing compensation from Optus
Assistance in determining whether I have grounds for a negligence or breach of duty of care claim
Guidance on whether to escalate this through civil court or remain with the TIO process
I would greatly appreciate the opportunity to discuss my case further and understand your fee structure for an initial consultation.
Please let me know if you require any documents or a written timeline of the events in advance.
hope to hear from you soon,
Jiranun Ratanapongbandith
Please email me a contact email or phone number and I will make contact. My email is papclarke@optusnet.com.au
hi Legal team,
i’m Curtis Webber and I am seeking legal advice regarding a serious matter involving unauthorised porting of my mobile number, identity theft, and a failure in duty of care by Optus.
On 03/06/2025, my Optus mobile number was fraudulently ported out without my consent. As a result, I lost access to my phone network, and several of my bank accounts and personal online accounts were compromised, including greater bank , NAB,commonwealth bank Australia, Google, and Amazon and also apple!
I attempted to resolve the issue with Optus, but received no effective support, including from the Optus Doncaster store, where I was refused help and asked to leave — even though I remained calm and was clearly distressed. I have since filed complaints with the Telecommunications Industry Ombudsman (TIO) and ReportCyber.
I am seeking:
Legal advice on my rights under Australian Consumer Law and Privacy legislation
Options for pursuing compensation from Optus
Assistance in determining whether I have grounds for a negligence or breach of duty of care claim
Guidance on whether to escalate this through civil court or remain with the TIO process
I would greatly appreciate the opportunity to discuss my case further and understand your fee structure for an initial consultation.
Please let me know if you require any documents or a written timeline of the events in advance.
hope to hear from you soon,
Curtis Daniel Webber
Dear Mr Webber,
Please email me at my work email of papclarke@optunet.com.au and give me a contact number where I can reach you.
Regards,
Peter Clarke
Hello
I was affected by the 2022 Optus (and GE Latitude) data leaks and sadly think I have been affected again with the Optus one. I just heard you are running the legal cases and found this page.
We lost our home in the 2022 floods and we still have not fully rebuilt our home. I am worried I am going to have to get my license replaced again and just read that you are running a law suit against at least Optus? Is that correct? Can other people join?
If you can email me any information if that is correct that would be great. I have been getting spam calls and emails since the Optus and GE leaks and did have to replace my NSW license ( i am not sure if that was from Optus or GE as we were living in a caravan camping in our driveway due to the floods.) I still have not replaced all my documents (passport etc); most of our belongings are still in storage (since 2022).
Hi,
I am not running the Optus data breach class action. I am not sure what information you are after. I am happy to chat on (03) 92258751.
16 July, 2025
Good afternoon Sir,
I received a lot of spam emails everyday & increasing spam messages since Optus data breach in September 2022
I am interested in joining the Optus data breach class action
I would appreciate if you can email me any information or completing an application form to pursue this matter
thank you very much Agnes
My details were exploited after the optus data breaches, for years I’ve had endless problems still to this day access to my bank accounts, online currency wallets with bit an rubi coin, google and Social accessed, online purchases, ;ocal an overseas product and assets sold and some other products and services an purchases made , my accident injury an compensation injury pain suffering future warnings loss accessed, my shares an stocks , I’ve lost phenomenal amounts an also been targeted an injured stalked attacked am sexually assua;Ted for speaking g up due to the substantial wort
My information was breached and my mygov account was changed. My info from my centaurs was changed in which my payment went to another account ivw had numerous accounts from companies saying I owe money as my licence tax dept and supa info was vonurable. Also medical info and my teenage daughter daughters info too. Im do s atef of whats to come
My information was breached I was notified by Optus that it was and I reached out to Slater and Gordon they sent an email way back stating they would keep me informed and have not heard anything further for 2 and a half years. What’s the go and how do we follow this up if they don’t mess
age back
I was severely affected by the Optus data breach, which led to widespread identity theft and financial damage. Your personal information, including your driver’s licence, identification details, and phone account data, was exposed and misused. After the breach, unauthorised individuals used your information to connect multiple new phone numbers under your name without consent, including those linked to the two mobile plans you had set up for your children. Optus failed to notify you of these new connections or transfers, and when unexplained charges appeared on your account, they refused to provide information, claiming the numbers had been transferred to others.Following this, your personal data was further compromised — intruders accessed your myGov, ATO, Centrelink, and bank accounts, as well as your children’s accounts. Money was transferred between accounts without your permission, false tax claims were lodged during a period when you were not working, and your superannuation was fraudulently moved into other accounts. These events left you in debt and financial distress, with no effective assistance from Optus. Despite reaching out several times, the company’s overseas customer service teams were unable to properly understand your situation or provide meaningful support, leaving you without help for over a year.
Optus are avoiding the questions, and aren’t even responding to these extra phone numbers connected, they stated the account number had been recycled. The account is still active under another number and email. 4 yrs still trying to get them to do something
My name is Chad Baillie I just want you confirm all of the details at all the information regarding the Optus data breach class action please
Chad, I recommend you contact Maurice Blackburn or Slater and Gordeon or both about the class action. While I am involved in litigation I am not involved in that class action. I write about it. I