[title_words_as_hashtags
Three major law firms have joined forces in a case against Medibank to win millions of its customers compensation for their data breach.
It was confirmed on Sunday that Maurice Blackburn, Bannister Law Class Actions and Centennial Lawyers have partnered to investigate Medibank for its October data breach.
The joint agreement came after each firm pursued its own class action against Medibank after Maurice Blackburn launched the landmark formal complaint with the Office of the Australian Information Commissioner (OAIC) in November.
The firms confirmed tens of thousands of Medibank customers have already registered to its investigation as the firms begun their probe into the private health insurers alleged failure to comply with the Privacy Act 1988 (Cth).
And the OIAC would be instrumental with its power to order Medibank to pay compensation to its affected customers pending the law firms’ investigations.
Almost 10 million customers could receive compensation after Medibank confirmed 9.7 million of its former and current customers, AHM and international student customers had their data stolen by a Russian ransomware group in October.
The private and personal information was sold in stages to the dark web.
George Newhouse, principal at Centennial Lawyers, said he felt very little sympathy for Medibank, which had “every opportunity” to build robust and safe systems.
Maurice Blackburn principal lawyer Andrew Watson said the data breach has caused millions of Australians significant distress.
“The right to privacy is a fundamental human right, and the representative complaint to the Australian Information Commissioner offers an avenue of redress to the millions affected by this incident,” he said.
“We cannot undo the damage that has been caused in this data breach, but we can ask the Commissioner to investigate the data breach and seek compensation from Medibank on behalf of those affected, including for financial or non-financial loss, such as humiliation, stress, and feelings of anxiety.”
After the breach, Medibank conducted Operation Safeguard in December and bolstered existing monitoring, added further detection and forensics capability across its system and network and scaled up analytical support.
In a statement responding to the complaint with OAIC, Medibank said that it “continues to support its customers from the impact of this crime through our previously announced Cyber Response Support Program which includes mental health and wellbeing support, identity protection and financial hardship measures”.
“Medibank will continue to cooperate with the OAIC and its ongoing investigation,” the statement in December said.
