Advertisement
News

Optus sued over huge data breach

Adrian Black
Aug 08, 2025, updated Aug 08, 2025
ACCC chair Gina Cass-Gottlieb on Optus breach

Source: AAP

Optus seriously interfered with the privacy of about 9.5 million Australians in failing to protect their data, and could face hefty fines for each breach in new court action.

The Office of the Australian Information Commissioner has filed Federal Court proceedings against the telco for the September 2022 cyber attack, in which the private data of customers – including home addresses, birth dates, phone numbers and email addresses – found its way to the dark web.

Optus failed to take reasonable steps to protect users’ data, breaching the telco’s obligations under the Privacy Act, chief commissioner Elizabeth Tydd said.

“Organisations hold personal information within legal requirements and based upon trust,” she said.

“The Australian community should have confidence that organisations will act accordingly, and if they don’t the OAIC as regulator will act to secure those rights.”

The action comes after the organisation’s investigation following the attack.

Optus said it would review and consider the matters raised in the proceedings and would respond to the OAIC’s claims in due course.

“Optus apologises again to our customers and the broader community that the 2022 cyber-attack occurred,” a spokesman said on Friday.

“We strive every day to protect our customers’ information and have been working hard to minimise any impact the cyber attack may have had.”

The Federal Court can impose a civil penalty of up to $2.22 million for each contravention of the Act. The OAIC has alleged one breach for each of the about 9.5 million individuals affected.

Imposing the maximum penalty for all victims would be impossible, since Optus’ Singapore-listed owner Singtel has a total market value of about $101.5 billion.

The breach highlighted some of the risks associated with external-facing websites, particularly when they interacted with internal databases holding personal information, Australian Privacy Commissioner Carly Kind said.

“All organisations holding personal information need to ensure they have strong data governance and security practices,” she said.

“These need to be both thorough and embedded, to guard against vulnerabilities that threat actors will be ready to exploit.”

­-AAP

Want to see more stories from The New Daily in your Google search results?

  1. Click here to set The New Daily as a preferred source.
  2. Tick the box next to "The New Daily". That's it.
Topics: Optus
Advertisement
More News >
Trump confirms he won’t attend son’s wedding
US

Trump confirms he won’t attend son’s wedding

Police seek witnesses as Andrew inquiry deepens
UK

Police seek witnesses as Andrew inquiry deepens

Tony Abbott to be named new Liberal Party president
Australian Politics

Tony Abbott to be named new Liberal Party president

NSW meteor: Where it might have come from
Science

NSW meteor: Where it might have come from

Footage captures long wait for Everest moment
Asia

Footage captures long wait for Everest moment

ALP caught in budget backwash, One Nation surfs
Opinion

ALP caught in budget backwash, One Nation surfs

Joyce sorry for One Nation staffer's 'shut up' comment
Australian Politics

Joyce sorry for One Nation staffer's 'shut up' comment

Australian tourist falls to his death in Peru
News

Australian tourist falls to his death in Peru

Aussie activists claim they were assaulted, tasered
News

Aussie activists claim they were assaulted, tasered

Stay informed, daily
A FREE subscription to The New Daily arrives every morning and evening.
Subscribe
The New Daily is a trusted source of national news and information and is provided free for all Australians. Read our editorial charter.
Topics
The New Daily
Copyright © 2026 The New Daily.
All rights reserved.