Share this article on:
Private health insurer Medibank is now facing its fifth class action relating to the major data breach it suffered late last year.
Major Australian compensation and class action law firm Slater & Gordon issued the class action against Medibank in the Federal Court on Friday, 5 May, alleging that the health insurer breached a number of customer data protection, privacy and consumer laws.
“It is alleged that Medibank failed to protect, or take reasonable steps to protect, the personal information of its current, former and prospective customers,” said Slater & Gordon.
The law firm declared a number of specific allegations on its website, stating that:
In an ASX listing on its website, Medibank acknowledges the class action, and says that it will defend against it.
"The statement of claim includes allegations of breach of contract, negligence, and contraventions of the Australian Consumer Law," says Medibank.
"Medibank will defend the proceedings."
In addition, Medibank reiterated that it was providing affected customers with support through a number of measures.
"Medibank continues to support its customers from the impact of the cybercrime through our previously announced Cyber Response Support Program which includes mental health and wellbeing support, identity protection and financial hardship measures."
Prior to Slater and Gordon, a joint class action was launched by a trio of law firms, Maurice Blackburn, Bannister Law Class Actions, and Centennial Lawyers. Maurice Blackburn also launched a solo class action against the health insurer.
Following this, a second one was launched by Quinn Emanuel Urquhart & Sullivan, and a third by Baker McKenzie.
The Slater & Gordon class action is the fifth against Medibank, after it suffered one of the worst data breaches in Australian history in October last year.
About 9.7 million people were affected, including 5.1 million Medibank customers, 2.8 million customers of ahm, a subsidiary of Medibank offering cheap “no nonsense” insurance, and 1.8 million international customers.
In response to the breach, consulting company Deloitte conducted an external review and provided Medibank with the findings, including a number of recommendations relating to improving the insurer’s IT security.
Medibank was quick to respond, stating that it plans to “implement all recommendations not already undertaken, along with other enhancements previously planned,” according to an ASX announcement.
“Medibank will also continue to review its cyber security governance arrangements, recognising the increasing prevalence of cyber crime and the need to meet the ongoing expectations of our customers.”
The health insurer has not released the findings of the Deloitte review.