iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Optus is working overtime to keep the details of the cyber attack it suffered last year under wraps, with the telco never intending to release a report it commissioned on the data breach.
Following the breach that saw the personal data of 11 million customers compromised last year, Optus sought the assistance of big four consulting firm Deloitte to conduct a review of the telco’s security measures and the vulnerabilities that allowed attackers in.
Whilst Optus chief executive officer Kelly Bayer Rosmarin said the Deloitte report would form a crucial part of the company’s response and that it may “help others in the private and public sector,” the telco has now said it has no plans to release any information of the report to its customers or the greater public.
The company has pleaded that the report “is confidential and the subject of a legal professional privilege”, according to a spokesperson speaking with The Australian Financial Review.
Legal professional privilege is a common law that refers to the protection of confidential information between a legal professional and a client “made for the dominant purpose of the lawyer providing legal advice or professional legal services to the client, or for use in current or anticipated litigation”.
“Deloitte completed its report into the cyber attack a while ago, but as the matter is currently before the courts and the attack remains the subject of criminal investigation, Optus is making no further comment about the report, which is and remains confidential, as is common precedent,” the spokesperson added.
Optus has made the claim during a class action filed by Slater & Gordon in the Federal Court which says that the telco failed to keep the personal details of its customers, both current and former, secure. Slater & Gordon has requested that the Deloitte report, alongside documents Optus provided Deloitte to write the report, be unveiled.
According to the AFR, Optus has refused to reveal what it will do if its legal professional privilege claim fails.
Investigations by the Office of the Australian Information Commissioner (OAIC) and the Australian Communications and Media Authority (ACMA) are ongoing. Both bodies are coordinating with their investigations, which are looking into how Optus deals with personal information.
Both investigations will be made public.
“We are progressing the investigation as a priority, but as it is a large and complex investigation, it will take time to complete,” said a spokesperson with the ACMA via AFR.
The 2022–23 financial year saw Optus become the most distrusted company in the country, beating out the likes of Meta, News Corp, and Telstra.
Medibank, who suffered its major cyber breach only the month after, has also said it refuses to release the Deloitte report in its cyber attack.
Be the first to hear the latest developments in the cyber industry.
