cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Optus requests Deloitte cyber attack investigation not be released by Federal Court

Optus is working overtime to keep the details of the cyber attack it suffered last year under wraps, with the telco never intending to release a report it commissioned on the data breach.

user icon Daniel Croft
Thu, 31 Aug 2023
Optus requests Deloitte cyberattack investigation not be released by Federal Court
expand image

Following the breach that saw the personal data of 11 million customers compromised last year, Optus sought the assistance of big four consulting firm Deloitte to conduct a review of the telco’s security measures and the vulnerabilities that allowed attackers in.

Whilst Optus chief executive officer Kelly Bayer Rosmarin said the Deloitte report would form a crucial part of the company’s response and that it may “help others in the private and public sector,” the telco has now said it has no plans to release any information of the report to its customers or the greater public.

The company has pleaded that the report “is confidential and the subject of a legal professional privilege”, according to a spokesperson speaking with The Australian Financial Review.

Legal professional privilege is a common law that refers to the protection of confidential information between a legal professional and a client “made for the dominant purpose of the lawyer providing legal advice or professional legal services to the client, or for use in current or anticipated litigation”.

“Deloitte completed its report into the cyber attack a while ago, but as the matter is currently before the courts and the attack remains the subject of criminal investigation, Optus is making no further comment about the report, which is and remains confidential, as is common precedent,” the spokesperson added.

Optus has made the claim during a class action filed by Slater & Gordon in the Federal Court which says that the telco failed to keep the personal details of its customers, both current and former, secure. Slater & Gordon has requested that the Deloitte report, alongside documents Optus provided Deloitte to write the report, be unveiled.

According to the AFR, Optus has refused to reveal what it will do if its legal professional privilege claim fails.

Investigations by the Office of the Australian Information Commissioner (OAIC) and the Australian Communications and Media Authority (ACMA) are ongoing. Both bodies are coordinating with their investigations, which are looking into how Optus deals with personal information.

Both investigations will be made public.

“We are progressing the investigation as a priority, but as it is a large and complex investigation, it will take time to complete,” said a spokesperson with the ACMA via AFR.

The 2022–23 financial year saw Optus become the most distrusted company in the country, beating out the likes of Meta, News Corp, and Telstra.

Medibank, who suffered its major cyber breach only the month after, has also said it refuses to release the Deloitte report in its cyber attack.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.