Goodbye job applications, hello dream career
Seize control of your career and design the future you deserve with LW career

Yet another class action filed against Medibank

Health insurer Medibank is facing another legal claim, this time from one of the world’s biggest law firms, after a data breach late last year resulted in millions of customers’ data being leaked — and eventually released by hackers onto the dark web.

user iconLauren Croft 08 February 2023 Big Law
expand image

On 13 October 2022, Medibank Private Limited confirmed in an ASX release that it had detected “unusual activity” on its network, before disclosing that customer data had been accessed and stolen, affecting as many as 9.7 million current and former Medibank, ahm, and international student customers.

The insurance giant has since been the subject of a number of legal claims and OAIC complaints, the latest of which was filed in the Federal Court on Tuesday (7 February) by Baker McKenzie.

In a joint statement, Baker McKenzie and Omni Bridgeway confirmed the class action.


“The Medibank data breach affected millions of retail customers across Australia and overseas, and this class action is an important and significant claim on behalf of those affected by the data breach, which occurred on or about 12 October 2022,” they told Lawyers Weekly.

“The class action is being funded on a non-recourse basis by Omni Bridgeway.”

The global firm and litigation funder also said: "The Medibank Private data breach was among the worst in the nation’s corporate history, affecting the private information of millions of retail customers across Australia and overseas."

"In launching this class action in the Federal Court, Baker McKenzie is to provide affected individuals with an avenue for redress and compensation for the loss and distress caused by Medibank Private’s alleged failings."

The case will be led by Bakers partners Paul Forbes and Ryan Grant, and Omni Bridgeway is funding the proceedings on a 'no win, no pay' basis.

Maurice Blackburn first started investigating a claim against Medibank in November last year, a week after Bannister Law Class Actions and Centennial Lawyers launched a similar investigation. At the time, the firm was also in the process of considering a class action against Optus following its own data breach.

Following this, Maurice Blackburn lodged a representative complaint on behalf of millions of Medibank customers with the Office of the Australian Information Commissioner (OAIC), which has the power to order compensation.

Then, in January this year, the three firms joined forces to run a complaint against the private health insurance provider, entering into a joint cooperation agreement against Medibank and ahm in relation to the data breach.

On Tuesday, Medibank confirmed the launch of the most recent class action in an announcement to the ASX and said they would defend the proceedings.

“Medibank understands that these proceedings have been brought on behalf of current and former customers in relation to the cyber crime event Medibank has previously reported and are being brought by Baker & McKenzie and funded by Omni Bridgeway. The statement of claim includes allegations of breach of contract, contraventions of the Australian Consumer Law, and breach of equitable obligations of confidence,” the statement said.  

“Medibank will defend the proceedings. Medibank continues to support its customers from the impact of the cyber crime through our previously announced Cyber Response Support Program, which includes mental health and wellbeing support, identity protection and financial hardship measures.”

According to Bakers, this class action is “separate to these representative complaints lodged with privacy regulator, OAIC”.

Editor's note: This story has been updated to include further commentary from Baker McKenzie and Omni Bridgeway.