Triple threat: Australian law firms join forces to litigate Medibank data breach

Triple threat: Australian law firms join forces to litigate Medibank data breach

Three Australian law firms have partnered up to launch a landmark data breach complaint against private health insurer Medibank (ASX: MPL), which could be forced to provide compensation payments to 9.7 million current and former customers impacted by a cyberattack in 2021.

Law firms Maurice Blackburn Lawyers, Bannister Law Class Actions and Centennial Lawyers – which had been pursuing separate actions against Medibank – have entered a joint cooperation agreement against Medibank and ahm in relation to the cyberattack.

The move comes one month after Maurice Blackburn lodged a representative complaint against Medibank with the Office of the Australian Information Commissioner (OAIC) – a regulator that has the power to order compensation for affected customers.

The firm alleged that Medibank failed in its duties by not taking steps to protect the privacy of its customers’ personal and sensitive health information from interference, loss, unauthorised access and unauthorised disclosure.

Bannister Law Class Actions Principal Charles Bannister said he hoped the new cooperation agreement would lead swiftly to compensation payments to the millions of Medibank customers whose data was stolen.

The firms confirmed they have been investigating compensation claims and have already registered tens of thousands of Medibank customers.

“We believe the data breach is a betrayal of Medibank Private’s customers and a breach of the Privacy Act. Medibank has a duty to keep this kind of information confidential,” Bannister said.

The breach, which was announced to shareholders in mid-October last year, affected roughly 5.1 million Medibank customers, 2.8 million ahm customers, 1.8 million international customers and 900 Medibank staff

The leak also included customer names, addresses, dates of birth, phone numbers, email addresses and the Medicare numbers of ahm customers (without the expiry dates), as well as the passport numbers of international students.

As a result, the Australian Prudential Regulation Authority (APRA) intensified its supervision of the private health insurer, which refused to pay a USD$10 million ransom (AUD$14 million) to the hacker behind the cyberattack.

In December last year, widespread media reports indicated that the majority of stolen customer data was dumped on the dark web via six zipped files.

While Medibank confirmed the files were believed to contain hacked information, it noted much of the data was incomplete and hard to understand.  

Maurice Blackburn’s head of class actions Andrew Watson said the cooperation agreement was a significant development.

“This data breach has caused millions of Australians significant distress,” Watson said.

“The cooperation agreement ensures that all three law firms are working together for the common aim of obtaining compensation for those affected as quickly as possible.”

Enjoyed this article?

Don't miss out on the knowledge and insights to be gained from our daily news and features.

Subscribe today to unlock unlimited access to in-depth business coverage, expert analysis, and exclusive content across all devices.

Support independent journalism and stay informed with stories that matter to you.

Subscribe now and get 50% off your first year!

SMEs urged to consider business insurance to mitigate financial risks
Partner Content
A single “bad luck” incident could cause financial disaster for many Australian sma...
Advertisement

Related Stories

Bannister, Centennial investigate class action against Medibank over data hack

Bannister, Centennial investigate class action against Medibank over data hack

Update (14 November): Since this story was published, another law f...

Maurice Blackburn launches legal probe into Medibank cyberattack

Maurice Blackburn launches legal probe into Medibank cyberattack

National law firm Maurice Blackburn is spearheading the second lega...

APRA intensifies scrutiny of Medibank after major cyberattack

APRA intensifies scrutiny of Medibank after major cyberattack

The Australian Prudential Regulation Authority (APRA) has intensifi...

“The work is not over”: Criminal behind Medibank hack dumps more customer data on the dark web

“The work is not over”: Criminal behind Medibank hack dumps more customer data on the dark web

On the same day that Maurice Blackburn lodged a representative...