Optus says it still does not know how much customer information was stolen nearly a year after a massive cybersecurity breach, and has denied it had a duty of care to protect the affected customers from harm.
In its defence to a class action lodged by Slater & Gordon in early April, the company argues that it should not be forced to pay compensation even if it breached telecommunications laws requiring users’ personal data to be stored securely, as the wait for an external review into the breach drags on.
The hacker has yet to be identified or caught, and Optus has not publicly pinned down the source of the hack despite an ongoing debate around the complexity of the breach.
Optus in its defence denies allegations it failed to secure data, breached laws and contracts, or was negligent after a hacker accessed the personal information of nearly 9.8 million former and current users last September.
This included Medicare, driver’s licence and passport numbers, as well as home addresses and phone numbers, prompting a furious response from the federal government. It was the first of a wave of major cyberattacks on Australian firms that focused public attention on the problem.
But nine months on Optus has told the Federal Court it does not know how much data was stolen, except for a sample set of 10,178 customer files that the hacker released on a forum for online criminals.
Optus’ companies “do not know and therefore do not admit how much of the Optus Customer [personal information] was obtained by the cyber-attacker”, its defence states.
While the hacker claimed to access the details of about 10 million people and posted a ransom threat, their demand was aborted days later amid a flurry of press attention and law