Medibank faces third class action over cyber breach

Medibank faces third class action over cyber breach | Insurance Business Australia

Insurance News

Medibank faces third class action over cyber breach

Claim extends to customers of company’s other brands

Insurance News

By
Roxanne Libatique

Major private health insurer Medibank has been hit by its third class action over the October 2022 data breach that made the headlines.

In a statement, class-action law firm Slater and Gordon confirmed that it already issued proceedings against Medibank on behalf of former, existing, and prospective customers whose highly sensitive personal information was obtained by cyber attackers and posted on the internet.

The claim extends to customers of Medibank’s travel insurance products and subsidiary Australian Health Management (ahm), noting Medibank’s announcement early this year that the data breach extended to one of its brands. The class action also extends to children whose information was affected, as are authorised representatives and providers.

The law firm claimed that both companies:

failed to protect or take reasonable steps to protect their customers’ personal information from unauthorised access or disclosure;
failed to destroy or de-identify former customers’ personal information; and
failed to comply with legal obligations in collecting, using, storing, and disclosing customer information.

The class action further claimed that Medibank breached its contractual obligations to customers to whom it assured it had “adequate and appropriate security controls in place” to protect their personal information.

Medibank responds to class action

In a statement, Medibank acknowledged the consumer class action against the company filed by Slater and Gordon in the Federal Court of Australia on May 04, 2023.

“Medibank understands that these proceedings have been brought on behalf of current, former, and prospective customers, authorised representatives of customers, and providers of healthcare services in relation to the cybercrime event,” it said. “The statement of claim includes allegations of breach of contract, negligence, and contraventions of the Australian Consumer Law.”

The insurer confirmed that it will defend the proceedings while continuing to support its customers from the impact of the breach through its previously announced Cyber Response Support Program.