“An avenue of redress”: OAIC launches probe into Medibank hack

“An avenue of redress”: OAIC launches probe into Medibank hack

Private health insurer Medibank (ASX: MPL) has announced today it is being investigated by Australia’s privacy watchdog over a cyberattack that impacted almost 10 million former and current customers last year.

The Office of the Australian Information Commissioner (OAIC) has launched its probe into the hack following a representative complaint lodged by Maurice Blackburn five months ago.

In its complaint, the Melbourne-based law firm alleges the private health insurer failed to take steps to protect the privacy of its customers’ personal information and sensitive health information from interference, loss, unauthorised access and unauthorised disclosure.

The cyberattack affected roughly 5.1 million Medibank customers, 2.8 million ahm customers, 1.8 million international customers and 900 Medibank staff. Following the breach, the majority of stolen customer data was dumped on the dark web via six zipped files.

In an announcement made on the ASX today, Medibank confirmed it is being investigated by the OAIC regarding Maurice Blackburn's complaint in parallel to the Commissioner's own probe.

Maurice Blackburn national head of class actions Andrew Watson, who is leading the Medibank class action, welcomed the decision to investigate from the OAIC.

“It was always our view that the OAIC should investigate this breach and whether victims of the Medibank data breach should be eligible for compensation,” Watson said.

“It is well known that the disclosure of this information has caused millions of Australians significant distress. The complaint lodged with the OAIC offers an avenue of redress to those affected by this incident.

“Nothing will ever undo the damage that has been caused by this data breach, but the OAIC agreeing to investigate our complaint to seek compensation from Medibank, including for financial and non-financial loss, is a significant step that we hope will go some way to providing a measure of justice for those impacted.”

One week ago, thousands of current and former Medibank customers joined a class action lawsuit filed by Melbourne-based law firm Slater and Gordon (ASX: SGH) in the Federal Court over the data hack.

Members of the claim are seeking compensation for the time and money spent replacing identity documents, in addition to other measures to protect their privacy and prevent the increased likelihood of them falling victim to scams and identity theft.

US-based firm Quinn Emanuel Urquhart & Sullivanalso launched legal proceedings against the company, alleging it breached its disclosure obligations by not disclosing to the market the alleged deficiencies in its cyber security systems.  

While Australian law firms Maurice Blackburn LawyersBannister Law Class Actions and Centennial Lawyers had been pursuing separate legal actions against Medibank, the start of this year saw them enter a joint cooperation agreement against Medibank and ahm in relation to the cyberattack.

Following the breach, Australian Prudential Regulation Authority (APRA) intensified its supervision of the private health insurer, which refused to pay a USD$10 million ransom (AUD$14 million) to the hacker behind the cyberattack

The OAIC announced two days ago it was teaming up with the New Zealand Office of the Privacy Commissioner (OPC) to scrutinise a Latitude (ASX: LFS) cyberattack that resulted in 14 million personal documents being stolen earlier this year.

Enjoyed this article?

Don't miss out on the knowledge and insights to be gained from our daily news and features.

Subscribe today to unlock unlimited access to in-depth business coverage, expert analysis, and exclusive content across all devices.

Support independent journalism and stay informed with stories that matter to you.

Subscribe now and get 50% off your first year!

SMEs urged to consider business insurance to mitigate financial risks
Partner Content
A single “bad luck” incident could cause financial disaster for many Australian sma...
Advertisement

Related Stories

“I feel exposed and unsettled”: Medibank hit with yet another class action over cyberattack

“I feel exposed and unsettled”: Medibank hit with yet another class action over cyberattack

Thousands of current and former Medibank (ASX: MPL) customers have ...

Medibank withholds Deloitte findings into cyberattack

Medibank withholds Deloitte findings into cyberattack

Private healthcare insurer Medibank (ASX: MPL) has revealed it will...

Medibank shareholders launch new class action over cyberattack

Medibank shareholders launch new class action over cyberattack

Private health insurer Medibank (ASX: MPL) has been hit with a thir...

Medibank to fight class action lawsuit launched by global law firm Baker McKenzie

Medibank to fight class action lawsuit launched by global law firm Baker McKenzie

Baker McKenzie has become the fourth law firm to launch legal proce...