Court ruling nears on Optus cyberattack report

A hearing on the privilege claim that was scheduled for September 14 was adjourned. But a decision is expected well before another hearing on November 14.

Optus declined to comment on the court proceedings. “We invite any customers affected by the September 2022 cyberattack to contact us,” a spokeswoman said.

Slater & Gordon wants to see the Deloitte report into the causes of the cyberattack and Optus’ security systems to get information for its class action case, which alleges the telecoms group failed to protect the personal information of its customers.

However, even if the judge rejects the Optus claim for legal professional privilege – which protects confidential communications and documents between a lawyer and a client in some circumstances – Optus could use other tactics to try to keep the report from being released publicly.

Slater & Gordon remains in talks with Optus over the release of other documents related to the cyberattack.

The law firm wants copies of complaints lodged with the Office of the Australian Information Commissioner (OAIC), but Justice Beach has said the request is subject to both parties agreeing on “an appropriate confidentiality regime”.

If an agreement on how to manage documents is reached, Optus is due to provide Slater & Gordon with OAIC-related documents by October 20.

Other law firms have also been investigating class actions. Maurice Blackburn and Johnson Winter Slattery made complaints to OAIC in October 2022, the same month that the commissioner began investigating how Optus handled customers’ personal information.

Both OAIC and the Australian Communications and Media Authority are still investigating the data breach, focusing on how Optus handles personal information.

OAIC’s inquiries are focusing on whether Optus took “reasonable steps” to protect the personal information it held from interference and loss, and whether the information collected and retained was necessary for its business services.