National law firm Maurice Blackburn is spearheading the second legal investigation into private health insurer Medibank (ASX: MPL) after the company revealed data for almost 10 million current and former customers were stolen by Russian hackers.
Described by the firm as “one of the most serious data breaches in Australian history”, the probe comes less than a week after Bannister Law Class Actions and Centennial Lawyers announced they were partnering up to explore the potential of a class action lawsuit as well.
The breach - which saw the health information of some customers posted on a dark web forum - impacted roughly 5.1 million Medibank customers, 2.8 million ahm customers and 1.8 million international customers. International students also had their passport numbers and visa details accessed.
The Melbourne-based firm is also undertaking early-stage investigations into a class action against Optus, which saw the personal information of millions of its customers stolen in a cyberattack that occurred almost two months ago. Data obtained in the breach included the names, addresses, phone numbers and identification document numbers of previous and current customers.
Maurice Blackburn principal lawyer Andrew Watson said the firm was carefully reviewing the latest breach and investigating whether customers are entitled to compensation.
“Companies that hold their customer’s sensitive health information have an important obligation to make sure that information is safeguarded, commensurate with the sensitivity of that data,” Watson said.
“As custodians of customer’s personal health information, Medibank have a heightened responsibility to put in place greater safeguards to secure the personal and health claim information it collected from its customers, including appropriate security and monitoring systems to protect against unauthorised access or disclosure of that data.
“Medibank, ahm and international student customers will understandably feel very vulnerable and distressed as a result of this incident.”
Maurice Blackburn’s announcement comes after the Australian Federal Police (AFP) confirmed it is working with international agencies such as INTERPOL to investigate the breach, which they believe was conducted in Russia.
“Our intelligence points to a group of loosely affiliated cyber criminals, who are likely responsible for past significant breaches in countries across the world,” AFP Commissioner Reece Kershaw said in a statement.
“These cyber criminals are operating like a business with affiliates and associates, who are supporting the business. We also believe some affiliates may be in other countries.
“We believe we know which individuals are responsible but I will not be naming them. What I will say is that we will be holding talks with Russian law enforcement about these individuals.”
Help us deliver quality journalism to you.
As a free and independent news site providing daily updates
during a period of unprecedented challenges for businesses everywhere
we call on your support