cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

5th class action launched against Medibank

Private health insurer Medibank is now facing its fifth class action relating to the major data breach it suffered late last year.

user icon Daniel Croft
Mon, 08 May 2023
5th class action launched against Medibank
expand image

Major Australian compensation and class action law firm Slater & Gordon issued the class action against Medibank in the Federal Court on Friday, 5 May, alleging that the health insurer breached a number of customer data protection, privacy and consumer laws.

“It is alleged that Medibank failed to protect, or take reasonable steps to protect, the personal information of its current, former and prospective customers,” said Slater & Gordon.

The law firm declared a number of specific allegations on its website, stating that:

  • Medibank breached its contract with Medibank customers;
  • Medibank breached the Australian Privacy Principles under the Privacy Act 1988 (Cth);
  • Medibank breached the Private Health Insurance (Prudential Supervision) Act 2015 (Cth);
  • Medibank breached the Consolidating Prudential Standard 234 under the Australian Prudential Regulation Authority Standards;
  • Medibank breached its duty of care to Medibank customers; and
  • Medibank breached Australian Consumer Law.

In an ASX listing on its website, Medibank acknowledges the class action, and says that it will defend against it.

"The statement of claim includes allegations of breach of contract, negligence, and contraventions of the Australian Consumer Law," says Medibank.

"Medibank will defend the proceedings."

In addition, Medibank reiterated that it was providing affected customers with support through a number of measures.

"Medibank continues to support its customers from the impact of the cybercrime through our previously announced Cyber Response Support Program which includes mental health and wellbeing support, identity protection and financial hardship measures."

Prior to Slater and Gordon, a joint class action was launched by a trio of law firms, Maurice Blackburn, Bannister Law Class Actions, and Centennial Lawyers. Maurice Blackburn also launched a solo class action against the health insurer.

Following this, a second one was launched by Quinn Emanuel Urquhart & Sullivan, and a third by Baker McKenzie.

The Slater & Gordon class action is the fifth against Medibank, after it suffered one of the worst data breaches in Australian history in October last year.

About 9.7 million people were affected, including 5.1 million Medibank customers, 2.8 million customers of ahm, a subsidiary of Medibank offering cheap “no nonsense” insurance, and 1.8 million international customers.

In response to the breach, consulting company Deloitte conducted an external review and provided Medibank with the findings, including a number of recommendations relating to improving the insurer’s IT security.

Medibank was quick to respond, stating that it plans to “implement all recommendations not already undertaken, along with other enhancements previously planned,” according to an ASX announcement.

“Medibank will also continue to review its cyber security governance arrangements, recognising the increasing prevalence of cyber crime and the need to meet the ongoing expectations of our customers.”

The health insurer has not released the findings of the Deloitte review.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.