Lawyers for customers hit by a huge hack at Australian mobile-phone operator Optus filed a complaint with the government’s privacy protection office, kicking off a process that could force the company to compensate those who lost personal data.
Law firm Maurice Blackburn said it lodged a formal complaint with the Office of the Australian Information Commissioner. The firm alleges Optus, which is owned by Singapore Telecommunications Ltd., failed to protect the personal information of customers and destroy data it no longer needed.
Optus said it will “vigorously defend” the complaint.
Optus last month said a security breach exposed the details of 9.8 million former and current customers. More than 2 million of them had identified document numbers compromised, triggering concerns about financial fraud.
Maurice Blackburn Principal Vavaa Mawuli said it’s not yet clear how badly Optus customers have been affected. “People are still getting information about how their data may have been misused,” she said by phone. “Losses aren’t crystallized for many people.”
The hack, one of the largest in Australian history, is threatening to become a crisis for Optus and its Singapore parent. The company is already paying for replacement drivers licenses and passports, and total costs including bills and fines could stretch into hundreds of millions of dollars, according to some estimates.
See also: Japan Foods latest listco to get hit by ransomware - fourth this month
Mawuli said tens of thousands of Optus customers have registered their details with the firm. The complaint with the Office of the Australian Information Commissioner is likely to be the largest ever seen in Australia, she said.
The Office of the Australian Information Commissioner didn’t respond to an email seeking a response. SingTel said earlier this month it had engaged lawyers to defend any potential class action, and reports of potential fines and costs were speculative.
