Australia’s Communications and Media Authority (ACMA) has initiated legal proceedings against Optus, the nation’s second-largest telecommunications provider, following a significant data breach in 2022. The ACMA has taken the matter to the Federal Court, accusing Optus of failing to secure its customers’ personal data, thereby breaching the Telecommunications (Interception and Access) Act of 1979.
The data breach, which occurred between September 17 and 20, 2022, compromised the personal information of up to 10 million current and former customers. The stolen data included names, birth dates, addresses, and contact details, affecting nearly one-third of Australia’s population.
Former CEO Kelly Bayer Rosmarin faced extensive criticism for her handling of the breach. Her position was further undermined by a major network outage in October 2022, which disrupted mobile and internet services for almost half of Australia’s 26 million residents for over 12 hours. Bayer Rosmarin resigned in November, stating that her departure was in Optus’s best interest.
Optus’s parent company, Singtel, has expressed its intention to contest the ACMA’s legal action. Singtel informed investors that the company could not predict the potential penalties resulting from the proceedings.
In addition to this lawsuit, Optus is also dealing with another legal challenge related to the cyberattack. After the breach, Optus commissioned Deloitte to investigate the incident’s causes. Affected customers, represented by law firm Slater and Gordon, have initiated legal action to compel the publication of Deloitte’s findings.
The dual lawsuits underscore the ongoing challenges Optus faces in the wake of the 2022 data breach, highlighting the critical importance of robust cybersecurity measures in protecting consumer information.