Optus attempt to keep a Deloitte report on their 2022 data breach hidden has failed. A Federal Court decision allows law firm Slater and Gordon, representing over 10,000 affected customers, access to portions of the report for their class action lawsuit.

This ruling means the report, which is not legally privileged, could reveal details about the data breach. Slater and Gordon aims to use the report's findings to prove Optus' negligence contributed to the customer data leak.

While the full report won't be publicly available, key sections are likely to be revealed during the lawsuit. Optus, while accepting the court's decision, is considering seeking confidentiality orders for specific parts of the report they believe are crucial for protecting their systems and customer data from future cyberattacks.

The crux of the case centred on the purpose of the Deloitte review. Optus claimed it was solely commissioned for legal advice, but a media release in October 2022 stated the review would also help understand the cause of the breach and prevent future occurrences. This broader purpose weakens Optus' claim of legal privilege.

The Optus data breach and the subsequent court decision should serve as a stark reminder for all Australian businesses.  The importance of safeguarding customer information and data cannot be overstated.  A data breach not only exposes customers to potential harm but also damages trust and can lead to significant legal repercussions.

Transparency is key. If a breach occurs, businesses must be prepared to disclose details and cooperate with investigations.  By prioritising data security and implementing robust privacy practices, Australian businesses can build trust with their customers and minimise the risk of a similar situation.

Published by IT News www.itnews.com.au by Jeremy Nadel, 28 May 2024