Australian regulators have launched legal action against Optus, alleging the Singapore Telecommunications-owned carrier breached privacy laws during a 2022 cyber attack that compromised the personal data of millions of customers, Reuters news report said.
The Office of the Australian Information Commissioner (AIC) has accused Optus of violating the Privacy Act 1988, which governs the handling of personal information by government agencies and private entities. Proceedings have been filed against Singtel Optus Pty Ltd and Optus Systems.
The AIC alleges one breach of the law for each of the 9.5 million customers impacted by the incident, meaning the court could impose fines of up to A$2.2 million per breach. While the watchdog did not disclose the total amount sought, potential penalties could be in the billions. Optus said it is reviewing the claims but has not assessed the potential financial impact.
The September 2022 breach, one of the worst in Australia’s history, exposed sensitive details including home addresses, passport information and phone numbers. Around 10 million Australians — roughly 40 percent of the population — were affected, with many experiencing disruptions to mobile, broadband and landline services for much of the day.
The attack sparked widespread public outrage and prompted Prime Minister Anthony Albanese to push for tougher privacy laws, including faster breach notifications to banks.
Optus’ public image was further damaged by a 12-hour nationwide network outage in 2023, leading to the resignation of CEO Kelly Bayer Rosmarin in November that year. The company also faced separate court action from the domestic media regulator in May 2024 over the same cyber incident.
TelecomLead.com News Desk