Law firm Slater & Gordon is investigating a potential class action lawsuit against Optus over its data breach last week that compromised the personal data of millions of customers and left small businesses “sitting ducks” for cybercriminals, according to CPA Australia.
The law firm said it was exploring “potential legal avenues for affected customers”, estimated at 10 million current and former Optus users, while the accounting body called on the government to find funds in the next budget to help small businesses defend themselves against cyberattacks.
Slater & Gordon’s senior partner Ben Zocco said the fact the breach appeared to leak driver’s license and passport numbers for some Optus users was “extremely concerning”.
“This information alone would go a long way in enabling a criminal to steal the identity of an affected customer,” Zocco said. “Very real risks are created by disclosing their personally identifiable information, such as addresses and phone numbers.
“We consider that the consequences could be particularly severe for vulnerable members of society, such as victims of domestic violence, victims of harassment and other threatening behavior, and people who are applying or have already applied for asylum in Australia.
“Given the type of information that would have been leaked, these individuals cannot simply follow Optus’ advice to be on the lookout for fraudulent emails and text messages.”
The data breach, which is now the subject of a special investigation by AFP, was being assessed by Slater & Gordon for possible legal options on behalf of affected clients.
Slater & Gordon has extensive experience in mass claims arising under privacy legislation, including representing class members in a landmark data breach case against the Australian government on behalf of thousands of asylum seeker claimants whose personal information leaked online in 2014.
Cybersecurity experts contacted by Accountants Daily said that while individuals’ private information was compromised, the real targets for criminals were businesses vulnerable to sophisticated email scams targeting accounts payable.
CPA Australia spokeswoman Dr Jane Rennie said it was now crucial for the Federal Government to wake up to cyber risks for small businesses, which lacked the resources of a large company like Optus to protect themselves against online criminals.
“Australia’s small businesses are the sitting ducks for cyberattacks,” she said. “They just don’t have the same resources as big companies to protect themselves against cybercrime.
“New scams, phishing attacks, identity thefts and other cybercrimes are happening daily. A cyberattack can be costly, damage a company’s reputation, and put customers, business owners, and employees at risk.”
With research showing that two-thirds of small businesses had not reviewed their cybersecurity in the past 12 months, the government needed to help them get up to speed, she said.
“Too many small businesses are uninsured and unprepared for cyberattacks. It is essential to increase the digital literacy and cyber awareness of business owners and their businesses,” she said.
“Technology training and resources for small businesses need to be increased. We want the federal government to provide that support in the next budget.”
Meanwhile, AFP confirmed that it was aware of reports that some of the stolen data was for sale on the web and that it was working closely with foreign law enforcement to identify the perpetrators of this attack.
A special task force called Operation Hurricane has been launched to identify the criminals behind the breach and Cyber Command Deputy Commissioner Justine Gough said AFP is well equipped for such investigations.
“This is an ongoing investigation, but it is important for the community to know that AFP and our partners are doing everything in their power to identify the perpetrators, and also to ensure that we can protect people who are now potentially vulnerable to identity theft,” she said.
“We are aware of reports of stolen data being sold on the dark web and that is why AFP monitors the dark web using a range of specialist capabilities. The criminals, who use pseudonyms and anonymizing technologies, can’t see us, but I can tell you that we can see them.”
She said cybercrime was the breaking and entering of the 21st century and the Optus breach was unlikely to be the last.
“We will use all of our technical capabilities and tools to protect the public from cybercrime, but we also need the public to be extra vigilant,” she said.
“With that in mind, we’re asking all Australians to think about their online safety and take practical steps to better protect themselves against scams and phishing attempts.”