Three law firms in Australia have teamed up to run a “landmark” case against Medibank involving last October’s data breach. Comprising Maurice Blackburn Lawyers, Bannister Law Class Actions, and Centennial Lawyers, the trio will jointly seek compensation for affected customers.
Specifically, they will push through a complaint filed with the Office of the Australian Information Commissioner (OAIC) to secure the compensation. Maurice Blackburn last November initiated the formal representative complaint with OAIC, which has the authority to issue the directive for compensation.
The three law firms said in a joint statement Monday that “tens of thousands” of affected customers already had registered for the class action suit.
Medibank last October revealed a security incident that compromised the data of 9.7 million current and former customers, including 1.8 million international customers. After the health insurer refused to pay the ransom demands, hackers dumped large batches of the data on the dark web, claiming the files contained all of the data they took in the heist.
The data security incident, alongside others such as the Optus’ breach, prompted the Australian government to push for stiffer penalties. The country’s legislation eventually was revised, increasing maximum fines for serious or repeated breaches to AU$50 million or three times the value of any benefit obtained through the data misuse, or 30% of the company’s adjusted turnover in the relevant period, whichever is greater.
Bannister Law Class Actions’ principal Charles Bannister expressed hope the joint cooperation would lead to swift compensation payments for Medibank customers impacted in the breach. “We believe the data breach is a betrayal of Medibank’s customers and a breach of the Privacy Act,” Bannister said. “Medibank has a duty to keep this kind of information confidential.”
Centennial Lawyers’ adjunct professor George Newhouse added that the data breach revealed the lack of safeguards that should have been in place, to prevent private and personal data from being accessed by hackers.
Describing the law firms’ cooperation as a significant development, Maurice Blackburn’s head of class actions Andrew Watson said the agreement would ensure all three firms worked together with the common goal of obtaining compensation as quickly as possible.
Maurice Blackburn also filed a representative complaint to the OAIC against Optus with regards to the telco’s data breach.