On October 11, 2022, health insurance provider Medibank (ASX: MPL) noticed a security breach in its system. A criminal was able to access Medibank’s systems by using a stolen username and password from a third-party IT service provider. They were able to obtain more credentials and access multiple systems. This was possible due to a misconfigured firewall that didn’t require an additional digital security certificate.
The security breach was detected on October 11 and the access was closed down. What ensued was public displeasure over Medibank’s lax response and the data of nearly 10 million customers being leaked on the dark web with the criminals declaring “case closed”.
The company refused to pay the ransom, the data was leaked, and Medibank’s stock plunged. Since then, Medibank has updated its technology and brought on Deloitte to review its systems. However, for consumers who lost so much personal data, that is not enough. According to them, Medibank moved on without addressing the distress caused in the past.
So, on May 4, 2023, a consumer class action against Medibank was filed in the Federal Court of Australia by Slater & Gordon. These proceedings have been brought on behalf of current, former and prospective customers, authorised representatives of customers, and providers of healthcare services, in relation to the cybercrime event.
The statement of claim includes allegations of breach of contract, negligence, and contraventions of the Australian Consumer Law.
Medibank says that it will defend the proceedings. It noted, “Medibank continues to support its customers from the impact of the cybercrime through our previously announced Cyber Response Support Program which includes mental health and wellbeing support, identity protection and financial hardship measures.” The Australian Federal Police, too, has been on the lookout for the criminals who leaked the info on the dark web.
The Slater & Gordon class action has been brought against Medibank for allegedly failing to protect or take reasonable steps to protect the personal information of its customers, both current and former. The allegations include breaches of contract, the Australian Privacy Principles under the Privacy Act 1988, the Private Health Insurance (Prudential Supervision) Act 2015, Consolidating Prudential Standard 234 under the Australian Prudential Regulation Authority Standards, a duty of care to customers, and Australian Consumer Law.
The legal costs of the class action will be funded by a well-regarded litigation funder. As part of the agreement, the litigation funder will be eligible for a commission if the case is successful, and the amount of the commission will be determined by the Court.
If the class action doesn’t win, the litigation funder will pay for Medibank’s legal fees. People who join the class action won’t have to pay anything if it fails.
Will the outcome of these proceedings finally result in “case closed” for Medibank?