The Office of the Australian Information Commissioner (OAIC) informed Optus it will start an investigation prompted by a complaint by an individual about a data breach resulting in unauthorised access of customer information in 2022.

Singtel-owned Optus explained in a statement it is reviewing the complaint sent to the commissioner by law company Johnson Winter Slattery on behalf of an individual.

The OAIC decided to investigate the complaint lodged on 4 October 2022, which Optus stated “has only just now been brought” to its attention.

Various remedies are being sought by the complainant for the individual and others affected by the attack, “including compensation and enquiry by the OAIC as to the circumstances” leading to and the “extent of the data breach”.

Optus said it will “vigorously defend the matter”.

The cyberattack impacted up to 9 million Optus customers, with the OAIC and the Australian Communications and Media Authority commencing separate investigations shortly after.