The Australian Federal Court has rejected Optus’ attempt to withhold a Deloitte report commissioned in response to its 2022 cyber attack from class action lawyers representing affected customers. Optus argued that the report was protected under legal professional privilege as it was primarily sought for legal advice. However, Justice Jonathan Beach ruled against this claim, noting that Optus had mentioned the report in a press release and intended to use it to inform its response to the incident, indicating its primary purpose was not legally privileged.
As a result of the court’s decision, the Deloitte report will now be shared with Slater & Gordon, the law firm leading the class action lawsuit on behalf of impacted Optus customers. While the report itself will not be made public, certain portions of it may become available as the class action progresses, shedding light on the extent and implications of the cyber breach.
Ben Hardwick, the class actions practice group leader at Slater & Gordon, welcomed the court’s ruling, emphasizing Optus’ accountability in addressing the data breach’s impact on its customers. He criticized Optus’ attempts to shield the report, characterizing it as a refusal to acknowledge its responsibility for the breach and its repercussions on millions of Australian customers. This development underscores the importance of transparency and accountability in cybersecurity incidents, particularly in the telecommunications sector where breaches can have far-reaching consequences for individuals and businesses alike.
