Optus data breach: Millions of Australians may be able to claim compensation after cyber attack
>
The millions of Optus customers who have fallen victim to one of Australia’s biggest data breaches could be seeking compensation from the telecom operator, a top lawyer says.
It’s because the controversial telco offered the ‘most affected’ customers access to free credit checks at the company Equifax – which itself had a massive data breach in 2017, affecting 140 million people.
Up to 11 million Australians may have had their personal addresses, dates of birth, phone numbers, passport details and driving licenses stolen in the Optus cyber attack.
The data breach, for which Optus has apologized and is now investigating, has left many wondering what they can do to protect themselves — and whether they can be financially compensated for what happened.
Kylie Carson, a special counsel who specializes in general compensation at Shine Lawyers, said that if an Optus customer suffered a financial loss as a result of the data breach, they may be able to file a claim.
More than 11 million Australians may have had their personal addresses, dates of birth, phone numbers, passport details and driving licenses stolen in last week’s cybersecurity attack
Kylie Carson, a special counsel specializing in general compensation at Shine Lawyers, said that if an Optus customer suffered a financial loss as a result of the data breach, they could potentially file a claim.
“To make a claim it would have to be viable and you have to prove that Optus has not done enough and has not done enough to protect your data,” she told the Daily Mail Australia.
Ms. Carson added that something like human error would also have the potential for victims to file a claim.
“Optus is vicariously liable for the actions of their employees,” she said.
Ms. Carson herself was the victim of the data breach.
She added that Optus gave customers “more questions than answers” and urged people to remain vigilant.
“Everyone needs to be a little careful with the messages and texts they get, if it looks suspicious it probably is,” added Ms Carson.
Optus announced Monday that the “most affected” customers would receive a 12-month subscription to its credit monitoring and identity protection service Equifax Protect.
“The most affected customers will receive direct communication from Optus in the coming days on how to start their subscription for free,” the company said.
Equifax suffered its own massive data breach in 2017, affecting 147 million people in the United States. The leaked data includes names, addresses, dates of birth, social security numbers and credit card numbers.
The breach was announced six weeks after discovery and led to a $425 million settlement with the Federal Trade Commission, the Consumer Financial Protection Bureau and 50 US states and territories to help those affected.
Since then, calls have been made for the telco to provide access to credit monitoring services for those affected so that they can check if there was any suspicious activity in their accounts (stock image)
Australian law firm Slater and Gordon said Monday they were investigating a possible class action against Optus.
Ben Zocco, the company’s senior employee, said they were assessing potential legal options for those caught in the cyberattack.
“This is possibly the most serious invasion of privacy in Australian history, both in terms of the number of people affected and the nature of the information released,” said Mr Zocco.
“We believe the consequences could be particularly serious for vulnerable members of society, such as survivors of domestic violence, victims of stalking and other threatening behaviour, and people seeking or applying for asylum in Australia.
“Given the type of information reportedly released, these people can’t just heed Optus’ advice to be wary of scam emails and text messages.”
Sydney-based lawyer Jahan Kalantar said he had already been inundated with Optus customers seeking legal advice over the breach.
Pictured is an email sent to an Optus customer informing them that their data has been breached
“People will no doubt file various complaints with the NSW Information and Privacy Commission,” he said.
“And there will no doubt be furious investigations into Optus as to how this happened.”
He said those who subscribe to the telco should do everything they can to minimize exposure, such as changing their passwords and making detailed records of the conversations they’ve had with Optus since the breach happened.
Meanwhile, a mysterious hacker claiming to be behind the breach has since demanded that Optus hand over $1.5 million in ransom in the form of cryptocurrency Monero, or they will publish the data.
On Saturday morning, the ransom request, which tech experts believe is legitimate, appeared on an online forum with the hackers warning the telco it had a week to respond.
‘Optus if you read! price for us not to sell data is 1,000,000$US We give you 1 week to decide,” read part of the message.
On Friday morning, CEO Kelly Bayer Rosmarin issued an emotional apology to the millions of Optus customers whose data had been compromised.
She confirmed that payment details and account passwords were protected, but admitted that she was “terrible” that the breach had taken place under her supervision.
“I think it’s a mix of a lot of different emotions,” she said.
“Of course I’m angry that there are people who want to do this to our customers, I’m disappointed that we couldn’t have prevented it.
‘I am very sorry and apologise. It shouldn’t have happened.’
Meanwhile, a mysterious hacker claiming to be behind the breach has since demanded that Optus hand over $1.5 million in ransom in the form of cryptocurrency Monero, or they will publish the data.