Legal loss caps disastrous week for Optus
Optus can’t keep secret a report on last year’s damaging cyber attack a judge has ruled, piling more pressure on the telco and its embattled CEO.
A significant legal loss has capped off a disastrous week for Optus, with a judge ruling that it can’t keep secret a report on last year’s damaging cyber attack.
The embattled telco had claimed in a class action case bought by Slater & Gordon that the primary purpose of the report prepared by Deloitte was to assess its legal risk.
But on Friday afternoon Federal Court Justice Jonathan Beach ruled that Optus had not made good its ‘claim of privilege’ for the report.
The decision puts more pressure on Optus CEO Kelly Bayer Rosmarin whose handling of the network outage this week has been criticised.
Optus announced last October that Deloitte would “conduct an independent external review” of the previous month’s cyberattack and the telco’s security systems, controls and processes.
Ms Bayer Rosmarin said at the time that the report might help others in the private and public sector where sensitive data is held and risk of cyberattack exists.
“I am committed to rebuilding trust with our customers and this important process will assist those efforts,” she said of the report which was to be a forensic assessment of the cyberattack where more than 10m Optus customers had their private data leaked.
Justice Beach on Friday said comments by Ms Bayer Rosmarin in last year’s announcement showed its main purpose was not “a defensive legal or litigation strategy”.
“In my view, the evidence does not establish that the Deloitte report was for the dominant purpose of Optus obtaining legal advice for use in litigation/regulatory proceedings,” he said.
“Channelling material through lawyers or having lawyers make the retainer, belatedly, cannot cloak material with any privilege that it did not otherwise have.”
As well, Justice Beach said a press alert published in October last year to inform the public it had engaged Deloitte to conduct a forensic investigation into the root cause of the cyber-attack was a “real problem” for Optus — owned by Singtel — because it was not clear it had been ordered for legal purposes.
Justice Beach said: “none of this bespeaks or manifests a dominant purpose in the nature of a privileged purpose”.
He noted a formal letter of engagement to Deloitte said it could be shared in its entirety with the Singtel board and a public statement was released which “sought to convey various positive messages”.
“We are committed to learning, doing better in the future, and sharing lessons so all companies and all Australians can benefit from our terrible experience,” the statement read.
Deloitte provided its final report to Optus General Counsel Nicholes Kusalic and Ashurst, the legal firm it engaged following the cyber-attack, in July this year.
To avoid a perception of “Optus marking their own work”, it was decided that an external firm, being Deloitte, would conduct the investigation according to the judgement.
Slater & Gordon in April kicked off proceedings against Optus over the 2022 data breach and had been trying to get access to the report.
Optus is said to be considering Friday’s judgement and it is understood that if it loses an appeal the report still won’t be publicly released but will become a key document in the class action.
The court loss comes after a horrendous week for Optus and its customers who on Wednesday were left without telecommunications services for much of the day.
In an effort to cauterise reputational damage, Optus has offered $100 of free data to millions of customers but the inadequacy of the compensation has generated more criticism.
The Council of Small Business Organisations Australia said some small businesses lost as much as $10,000 after the outage crippled their operations, including their ability to accept payments and bookings.
As Optus customers seek more compensation from the telco a spokeswoman from Slater and Gordon said it was too early to be considering a class action.
“We aren’t sure what the cause of the network outage is,” the spokeswoman said.
“We are closely monitoring the situation.”
Why Australia will continue to rely on high migration
A low migration scenario in Australia would require a complete overhaul of our national business model. This is not likely and looking up to 40 years into the future, the only plausible migration scenario for the nation is a high one.
Grand Hyatt Melbourne checks in for retail revamp
The five-star hotel is being revamped to include a new retail podium that will complement its accommodation offering.