Following the Optus, Medibank, and Latitude breaches, millions of Australians are asking: can I get compensation? The answer is: increasingly, yes — and the legal landscape is shifting rapidly in favour of consumers.

The Short Answer

You may be entitled to compensation if:

  • An organisation failed to take reasonable steps to protect your data
  • You suffered actual harm as a result (financial loss, identity theft, distress)
  • The breach was reportable under the Notifiable Data Breaches scheme

Class Action Lawsuits in Australia

Optus Breach (2022)

Slater and Gordon launched a class action against Optus on behalf of affected customers. The case centres on whether Optus took adequate steps to protect 9.8 million customers’ data. If you were an Optus customer and received a breach notification, you may be eligible to join.

Contact Slater and Gordon at slatergordon.com.au

Medibank Breach (2022)

Multiple class actions have been filed against Medibank, including by Bannister Law Class Actions and Maurice Blackburn. The Medibank breach is considered particularly egregious because the company allegedly had warnings about vulnerabilities and failed to act.

Contact Maurice Blackburn at mauriceblackburn.com.au

Latitude Breach (2023)

Legal firms have announced investigations into potential class actions following the 14-million-record breach. Given the severity of ID document exposure, this case has strong grounds.

The Privacy Act and Your Rights

Under the Privacy Act 1988, the OAIC can investigate complaints and recommend that organisations pay compensation. While the OAIC cannot currently order compensation directly, amendments proposed under the Privacy Act review may change this.

You can lodge a complaint with the OAIC at oaic.gov.au — this is free and the OAIC has real enforcement powers including injunctions and fines.

What You Need to Prove

For a successful claim you generally need to show:

  1. The breach occurred — usually established by the company’s notifications
  2. Your data was included — breach notification or Have I Been Pwned (HIBP) confirmation
  3. Harm resulted — financial loss, identity theft costs, time spent remedying, distress
  4. The organisation was negligent — failed to take reasonable protective measures

What Compensation Might Look Like

Australian class actions typically result in:

  • Fixed amounts per affected individual ($50-$500 depending on data sensitivity)
  • Higher amounts for those who suffered demonstrable harm (identity theft, financial loss)
  • Free credit monitoring or identity protection services
  • Improvements to the company’s security practices

Steps to Take Now to Protect Your Claim

  1. Keep all breach notifications you received from the company
  2. Document any harm: time spent changing passwords, calls to banks, any financial losses
  3. Check your breach exposure and keep a record
  4. Register interest with law firms running relevant class actions
  5. Lodge an OAIC complaint if you’ve suffered serious harm

Need Help Understanding Your Exposure?

A DataGuard audit documents exactly what data of yours is circulating online — useful evidence if you’re pursuing a claim.