Law firm Baker & McKenzie has filed a class action in the Federal Court against Medibank, over its 2022 data breach.
Medibank disclosed the action in a statement to the Australian Securities Exchange on Tuesday night.
Medibank said it understands the class action is being funded by Omni Bridgeway.
“The statement of claim includes allegations of breach of contract, contraventions of the Australian Consumer Law, and breach of equitable obligations of confidence,” Medibank said.
The health insurer added that it will defend the proceedings.
Medibank was breached in October 2022, and in November, stated that it would not pay the ransom demanded by the attackers.
The attackers responded with several data dumps, the last of which was made public in December.
On November 7, Medibank published a granular analysis detailing that the names, dates of birth, addresses, phone numbers, and email addresses of 9.7 million policy-holders had been stolen, including 5.1 million Medibank customers, 2.8 million customers of Medibank-owned subsidiary AHM and 1.8 million international customers.
Around 160,000 Medibank customers, 300,000 ahm customers, and 20,000 international customers also had their health claims data, including provider name and location, and procedure and diagnostic claim codes, exposed.
The Baker & McKenzie action is not related to an action announced in January and backed by Maurice Blackburn, Centennial Lawyers, and Bannister Law Class Actions.
A spokesperson for Maruice Blackburn told iTnews the team decided not to proceed with a class action at this stage.
Instead, they have filed what’s known as a “representative complaint” with the Office of the Australian Information Commissioner, which if successful could result in the OAIC using its powers to order compensation to victims of the data breach.