Bannister, Centennial investigate class action against Medibank over data hack

Update (14 November): Since this story was published, another law firm Maurice Blackburn has also announced a probe into Medibank (ASX: MPL) over the unprecedented hack in Australia of data including health claims. 

Update (1 December): Maurice Blackburn announced it has lodged a representative complaint against Medibank with the Office of the Australian Information Commissioner (OAIC).

As Medibank CEO David Koczkar refuses to cave in to hackers' demands over the stolen data of almost 10 million customers, the health insurer could also face threats from another front as two law firms join forces to explore a class action.

Bannister Law Class Actions and Centennial Lawyers will investigate the serious data breach at Medibank that has affected 5.1 million of the eponymous brand's customers, around 2.8 million ahm customers and approximately 1.8 million international customers.

Centennial is known for being behind the first privacy class action recorded in Australia on behalf of 108 NSW ambulance workers who had their workers’ compensation files unlawfully accessed and extracts of them sold.

But if the class action currently under investigation goes ahead it would likely involve claims that are orders of magnitude higher than the $275,000 settled in the NSW ambulance case in late 2019.

The Medibank data breach was first reported last month and is viewed by experts as potentially more serious than the recent Optus hack given it also pertains to health details.

The insurer believes a criminal has accessed health claims detail - including service provider name and location, where customers received certain medical services, and codes associated with diagnosis and procedures administered - for around 160,000 Medibank customers, 300,000 ahm customers and 20,000 international customers.

The two firms will be investigating whether Medibank breached its privacy policy and the terms of its contracts for the medical insurance provided to customers.

"The lawyers will also assess whether damages should be paid to Medibank customers as a result of their breaches. This latest data breach exposes the lack of safeguards in place to prevent such personal and private information being released to wrongdoers and Medibank and ahm have failed policy holders in these circumstances," Bannister and Centennial wrote in a statement.

"This latest data breach exposes the lack of safeguards in place to prevent such personal and private information being released to wrongdoers and Medibank & ahm have failed policy holders in these circumstances."

Meanwhile, Slater & Gordon (ASX: SGH) and Maurice Blackburn are also undertaking early stage investigations into class actions against Optus connected to the telco's announcement on 22 September that a cyberattack had compromised its systems and resulted in unlawful access to the personal information of millions of current and former customers, including names, addresses, phone numbers and identification document numbers.

Bannister also filed a class action against Tyro Payments (ASX: TYR) late last year following the impacts of a three-week terminal outage on merchants using the service, and is currently investigating two separate class actions relating to collapsed neobank Volt Bank and debt collector Collection House (ASX: CLH). The firm has previously successfully settled class actions against sandalwood producer Quintis, Dick Smith Holdings, and Volkswagen, among others.