‘Win for transparency’: Optus hands up 2022 cyber attack report
Optus has complied with a Federal Court judge’s 24-hour deadline to hand over to a law firm a report into the devastating 2022 cyber attack.
Optus has finally handed over to a law firm pursuing a class action against it, a hard copy of a Deloitte report into a disastrous cyber attack that affected millions of customers.
Slater and Gordon brought the action on behalf of Optus customers whose data was leaked on to the dark web as a result of the incident, and class actions practice group leader Ben Hardwick said Optus has been fighting “tooth and nail to stop this report getting out for more than a year”.
“While the Deloitte report has been provided to us on a confidential basis for the purpose of the case only, we expect that, as the matter progresses, Optus customers will discover more information about the way this telco has treated their personal information,” he said.
“This is a great win for transparency. Optus and other big tech companies are quickly learning that they can’t get away with showing disregard for our personal information.”
On Thursday, the Federal Court gave Optus 24 hours to hand over a hard copy of its Deloitte report into the 2022 cyber attack.
Justice Jonathan Beach released fresh orders in the class action matter on Thursday that required Optus to share the report with the law firm.
“Within 24 hours of the date of these orders, the respondents discover and produce to the applicants for inspection a hard copy of the report prepared for one or more of the Optus respondents by Deloitte Touche Tohmatsu (Deloitte) concerning the data breach which occurred in mid September 2022 (Deloitte report), which is to be subject to the confidentiality obligations,” Justice Beach said.
The report will be subjected to a confidentiality agreement made between Optus and Slater and Gordon. Justice Beach has ordered the parties to attempt to agree on a regimen to manage documents in the court case.
As well, documents prepared by Optus for the purpose of giving instructions to Deloitte for preparing the report will have to be identified.
Optus twice failed to have the Deloitte kept out of the court case, and two judgments ruled that Optus failed to prove the dominant purpose of the report was for legal advice.
Up to 9.5 million customers’ private and confidential information was released as a result of a cyber attack between September 17 and 20, 2022. The breach is now also the subject of two other inquiries being conducted by the Office of the Australian Information Commissioner and the Australian Communications and Media Authority.
Separately, this week it was revealed Optus would, on August 5, increase the price of some of its mobile plans for the first time in two years by about 5 per cent.
Australia’s second-largest telco said the price increase came at a time it was investing in its network to “boost capacity, speed and reliability of 4G, whilst rolling out our award-winning 5G network to even more Australians”.
More Coverage
Labor-friendly law firm sued over underpayment row
Slater + Gordon has been accused of deliberately miscalculating staff leave entitlements, failing to immediately reconcile the underpayments, and sacking the human resources boss who blew the whistle on the alleged scandal.
ANZ should have declared sacked trader ‘whistleblower’, court hears
A former ANZ trader is claiming the bank could have ‘vindicated’ him after incorrectly claiming he was involved in market manipulation.