Login
Firms join forces on Medibank action
After one of the most serious data breaches in Australian history, three firms have teamed up to pursue compensation action on behalf of millions.
Lauren Croft
On 13 October 2022, Medibank Private Limited confirmed in an ASX release that it had detected “unusual activity” on its network, before disclosing that customer data had been accessed and stolen, affecting as many as 9.7 million current and former Medibank, ahm, and international student customers.
Maurice Blackburn first started investigating a claim against Medibank in November last year, a week after Bannister Law Class Actions and Centennial Lawyers launched a similar investigation. At the time, the firm was also in the process of considering a class action against Optus following its own data breach.
Following this, Maurice Blackburn lodged a representative complaint on behalf of millions of Medibank customers with the Office of the Australian Information Commissioner (OAIC), which has the power to order compensation.
Now, the three firms have joined forces to run a complaint against the private health insurance provider, entering into a joint co-operation agreement against Medibank and ahm in relation to the data breach.
The firms have already registered tens of thousands of Medibank customers — and under the co-operation agreement, will now pursue the OAIC complaint seeking compensation for those affected by the data breach.
Bannister Law Class Actions principal Charles Bannister said he hoped the co-operation agreement would lead swiftly to compensation payments to the millions of Medibank customers whose data was breached.
“We believe the data breach is a betrayal of Medibank Private’s customers and a breach of the Privacy Act,” he said.
“Medibank has a duty to keep this kind of information confidential.”
The breach involved highly personal information of millions of Medibank customers, including names, dates of birth, phone numbers, email addresses, some Medicare and passport numbers and in some cases, sensitive healthcare information, including codes associated with diagnosis and medical procedures.
A ransomware group has since been posting the stolen data online in an attempt to extort the company. In response to Medibank not meeting its ransom demand, hackers have started to release the remaining customer data on the dark web.
Maurice Blackburn’s head of class actions Andrew Watson said the co-operation agreement was a significant development.
“This data breach has caused millions of Australians significant distress,” he said.
“The co-operation agreement ensures that all three law firms are working together for the common aim of obtaining compensation for those affected as quickly as possible.”
Current or former Medibank, ahm, or international student customers are eligible for the compensation action.
“The data breach exposes the lack of safeguards in place to prevent such personal and private information being released to wrongdoers, and Medibank and ahm have failed policy holders,” added Adjunct Professor George Newhouse of Centennial Lawyers.
Lauren Croft
Lauren is a journalist at Lawyers Weekly and graduated with a Bachelor of Journalism from Macleay College. Prior to joining Lawyers Weekly, she worked as a trade journalist for media and travel industry publications and Travel Weekly. Originally born in England, Lauren enjoys trying new bars and restaurants, attending music festivals and travelling. She is also a keen snowboarder and pre-pandemic, spent a season living in a French ski resort.
