Particle.news

OAIC Launches Civil Proceedings Against Optus Over 2022 Data Breach

Regulators say systemic cybersecurity failures exposed 9.5 million Australians’ records to unauthorised access, with potential penalties reaching A$2.22 million per violation.

Overview

  • On August 8, the Office of the Australian Information Commissioner filed civil penalty proceedings in the Federal Court, alleging Optus breached the Privacy Act by failing to protect personal data of about 9.5 million customers.
  • The lawsuit claims Optus seriously interfered with privacy from October 2019 to September 2022 by not taking reasonable steps to prevent misuse and unauthorised disclosure of sensitive identifiers such as passport and driver’s licence numbers.
  • Under current laws, the Federal Court may impose up to A$2.22 million in fines for each alleged contravention, with the OAIC treating every affected individual as a separate breach.
  • Optus has apologised to customers, said it will review and respond to the OAIC’s claims in due course, and pledged continued investment in its cybersecurity and data protection measures.
  • Commissioners Elizabeth Tydd and Carly Kind emphasised that this action underscores a broader push for stronger data governance standards and the embedding of rigorous security practices across organisations.