Law firm Slater & Gordon is investigating a possible class action against Optus over its data breach last week, which compromised the personal details of millions of customers and, according to CPA Australia, reveals that small businesses are “sitting ducks” for criminals.
The law firm said it was exploring “potential legal avenues for affected customers”, thought to be as many as 10 million current and former Optus users, while the accounting body called on the government to find funds in the upcoming budget to help small business defend itself against cyber attacks.
Slater & Gordon senior associate Ben Zocco said the fact the breach appeared to have disclosed driver’s licence and passport numbers of some Optus users was “extremely concerning”.
“This information alone would go a long way in allowing a criminal to steal an affected customer’s identity,” Mr Zocco said. “Very real risks are created by the disclosure of their personally identifiable information, such as addresses and phone numbers.
“We consider that the consequences could be particularly serious for vulnerable members of society, such as domestic violence survivors, victims of stalking and other threatening behaviour, and people who are seeking or have previously sought asylum in Australia.
“Given the type of information that has been reportedly disclosed, these people can’t simply heed Optus’ advice to be on the look-out for scam emails and text messages.”
The data breach, which is now the subject of an AFP special taskforce investigation, was being assessed by Slater & Gordon for possible legal options on behalf of affected customers.
Slater & Gordon has extensive experience in mass claims arising out of privacy law, including having acted for class members in a landmark data breach case against the Australian government on behalf of thousands of asylum seekers whose personal information was leaked online in 2014.
Cyber security experts contacted by Accountants Daily said while the private information of individuals was compromised, the criminals’ real targets were businesses vulnerable to sophisticated email scams targeting accounts payable.
CPA Australia spokeswoman Dr Jane Rennie said it was now crucial the federal government woke up to the cyber risks for small businesses, which lacked the resources of a large company like Optus to protect against online criminals.
“Australian small businesses are sitting ducks for cyber attacks,” she said. “They simply don’t have the same resources as big corporates to protect themselves against cyber crime.
“New scams, phishing attacks, identity theft and other cyber crimes are occurring daily. A cyber attack can be costly, damaging a company’s reputation and putting customers, business owners and employees at risk.”
With research showing two-thirds of small businesses had failed to review their cyber security in the past 12 months, the government needed to help them get up to speed, she said.
“Too many small businesses are uninsured and unprepared for cyberattacks. Increasing digital literacy and cyber-awareness in business owners and their businesses is critical,” she said.
“Technology training and resources for small businesses need to be increased. We want the federal government to provide this support in the upcoming budget.”
Meanwhile, the AFP confirmed it was aware of reports that some of the stolen data was up for sale on the web and it was working closely with overseas law enforcement to identify the offenders behind this attack.
A special taskforce called Operation Hurricane has been launched to identify the criminals behind the breach and Assistant Commissioner Cyber Command Justine Gough said the AFP was well equipped for investigations of this type.
“This is an ongoing investigation but it is important the community knows the AFP and our partners are doing everything within scope to identify the offenders responsible, and to also ensure we can protect individuals who are now potentially vulnerable to identity theft,” she said.
“We are aware of reports of stolen data being sold on the dark web and that is why the AFP is monitoring the dark web using a range of specialist capabilities. Criminals, who use pseudonyms and anonymising technology, can’t see us but I can tell you that we can see them.”
She said cyber crime was the break and enter of the 21st century and the Optus breach was unlikely to be the last.
“We will use all our technical capabilities and tools to protect the public from cybercrime but we also need the public to be extra vigilant,” she said.
“With that in mind, we ask all Australians to think about their online security and take practical measures to better protect themselves from scams and phishing attempts.”