Photograph: David Gray/AFP/Getty Images

Optus has lost a bid in federal court to keep secret a report on the cause of a 2022 cyberattack – which resulted in the personal information of nearly 10 million customers being exposed – after a judge rejected the telco’s legal privilege claim. after.

Following the hack, the company had announced in October last year that it had recruited consultancy firm Deloitte to conduct a forensic assessment of the cause of the cyber attack.

Since then, the company has also faced an investigation by the Office of the Australian Information Commissioner (OAIC) ​​and a class action case in the Federal Court.

RELATED: Optus outage: Company’s offer of free data as compensation slammed as ‘hollow gesture’

As part of the class action case, the law firm Slater and Gordon, acting for the applicants, sought access to the Deloitte report which had never been made public.

Optus had argued in court that the primary purpose of the report was to assess legal risk to the company. It claimed that Deloitte’s report would help the company’s internal and external lawyers advise the company about the risks associated with the hack.

But Justice Jonathan Beach found that the company’s October 2022 media release, citing a Deloitte report, presented “a real problem” for Optus’s case, saying it was for legal advice, because the release did not say that The report was recommended by a lawyer or was for the purpose of legal advice.

He pointed to comments in a statement by Optus chief executive, Kelly Byrne Rosemarin, who recommended the review to the board in the release, that it would “help ensure we understand how this happened and how we prevent it from happening again.” How can we stop it from happening?

“This will help inform Optus’ response to the incident,” Rosmarin was quoted as saying in the statement.

“This may also help others in the private and public sector where sensitive data is held and the risk of cyberattacks exists.”

RELATED: Telecom companies could be forced to allow customers to roam to rival networks during outages under plan opposed by Optus

Beach said he would hear further orders on discovery, and indicated that although he had found the entire report not to be subject to legal privilege, that did not mean that parts of the report could not be subject to legal privilege.

Orders will be placed at a later date.

The report will not be made public unless it is used as evidence in the case – should it proceed – and Optus does not try to prevent its public release.

It comes as the embattled CEO is under pressure to deal with the company’s 14-hour outage on Wednesday, which took phone and internet services offline for 10 million customers, delayed trains, cut call center and hospital phone lines .

The company has not announced any independent report on the incident, but it is now the subject of two government investigations and a Senate inquiry.

Source: uk.finance.yahoo.com