Court ruling nears on Optus cyberattack report

afr.com:

A Federal Court justice is expected to rule shortly on whether Optus can claim “legal professional privilege” to stop a report by Deloitte on its 2022 cyberattack from being released as class action lawyers try to get hold of more documents.

The privilege claim was made in class action proceedings brought by Slater & Gordon in the Victorian branch of the Federal Court on behalf of Optus customers whose personal data was stolen.

Optus doesn’t want to release a report by Deloitte into its 2022 cyberattack. 

Personal information of some 10,200 customers – including passport, driver’s licence and Medicare numbers – was posted online.

Optus hired consultants Deloitte to review its security systems and do a forensic investigation into the September 2022cyberattack.

But the telecoms group, which is owned by Singapore’s Singtel, said in August thatit intended to keep Deloitte’s report, which has been completed, confidential.

A hearing on the privilege claim that was scheduled for September 14 was adjourned. But a decision is expected well before another hearing on November 14.

Optus declined to comment on the court proceedings. “We invite any customers affected by the September 2022 cyberattack to contact us,” a spokeswoman said.

Slater & Gordon wants to see the Deloitte report into the causes of the cyberattack and Optus’ security systems to get information for its class action case, which alleges the telecoms group failed to protect the personal information of its customers.

However, even if the judge rejects the Optus claim for legal professional privilege – which protects confidential communications and documents between a lawyer and a client in some circumstances – Optus could use other tactics to try to keep the report