Optus Faces Record Penalties Over 2022 Data Breach

The Office of the Australian Information Commissioner (OAIC) has launched civil proceedings in Australia's Federal Court against Optus, alleging the company failed to adequately protect the personal information of about 9.5 million customers during a major 2022 data breach. The incident, which compromised sensitive data such as passport and driver's licence numbers, affected roughly 40% of the Australian population. The OAIC claims that Optus did not manage cybersecurity risks properly for nearly three years, violating the Privacy Act 1988. Each breach could result in a penalty of up to A$2.22 million, but the total fine will be determined by the court. Optus has stated it is reviewing the allegations and is continuing to invest in security and customer protection. The case highlights strengthened regulatory enforcement of privacy rights in Australia.