Privacy & Cybersecurity

A judge has quashed the OAIC’s decision to reject a second class action-style complaint filed over the massive Optus data breach, finding the Privacy Act does not bar second-in-time proceedings. 

Law firm Pinsent Masons has lured two partners from KPMG Law to head a team of six lawyers for its new technology, media and telecommunications team in Australia. 

More companies may find themselves in the position of Medibank — which recently failed to stay representative proceedings before the privacy regulator while a related class action is on foot — so long as the laws remain unchanged, and law firms are willing to gamble on privacy class actions.

A judge has dismissed a bid by Medibank to restrain the Office of Australian Information Commissioner from proceeding with a class action-style complaint on behalf of millions of the private health insurer’s customers affected by an October 2022 data breach.

The Australian Information Commissioner has launched an investigation into the personal information handling practices of law firm HWL Ebsworth following a cyberattack that saw the firm’s data dumped on the dark web. 

The head of the Australian Taxation Office has flagged cybersecurity as one of his greatest concerns amid millions of attempted cyberattacks on the tax office, saying the prospect of a data breach “keeps me awake at night”.

The Department of Veterans’ Affairs is facing a class action investigation for allegedly sharing the sensitive medical and personal data of 300,000 veterans and their families without authorisation.

HWL Ebsworth has won final orders barring unknown Russian-linked hackers from disseminating confidential information stolen during an April 2023 cyberattack.

A judge has signed off on a 27.5 per cent group costs order in a consolidated shareholder class action against Medibank over a cyberattack that affected 10 million customers, noting the “significant risk” taken on by the two plaintiff law firms running the action. 

The federal government has used its cyber sanction powers for the first time against a Russian individual identified as responsible for an attack against private health insurer Medibank that exposed almost 10 million customer records.