Medibank failed to put in place baseline security measures, including multi-factor authentication, to safeguard sensitive information from a hacker in 2022, who stole an IT contractor’s credentials and logged in to the health insurer’s private network three months before the company learned its data was compromised, the OAIC says.
A class action has argued Medibank cannot claim legal professional privilege over three Deloitte reports after disclosing them to reassure the market and customers after a massive 2022 data breach.
The chair of the Medibank board has given evidence that he engaged King & Wood Mallesons to commission expert reviews in the wake of a cyberattack, including three reports by Deloitte, after hearing rumours of class action investigations in October 2022.Â
More companies may find themselves in the position of Medibank — which recently failed to stay representative proceedings before the privacy regulator while a related class action is on foot — so long as the laws remain unchanged, and law firms are willing to gamble on privacy class actions.
A judge has dismissed a bid by Medibank to restrain the Office of Australian Information Commissioner from proceeding with a class action-style complaint on behalf of millions of the private health insurer’s customers affected by an October 2022 data breach.
The federal government has used its cyber sanction powers for the first time against a Russian individual identified as responsible for an attack against private health insurer Medibank that exposed almost 10 million customer records.
A judge has cautioned two law firms running competing shareholder class actions over last Octoberâs cyber attack on Medibank that they must keep their focus on the best interests of clients and group members, saying lawyers can lose sight of that duty when arguing for their case.Â
Medibank is now facing five class actions over last October’s cyber attack that left exposed the personal data of 9.7 million customers, this one by shareholders of the private health insurer.
The Australian Prudential Regulation Authority has raised Medibank’s capital adequacy requirement by $250 million, following last year’s cyber attack against the private health insurer, which exposed the personal details of 10 million customers.Â
Private health insurer Medibank has been served with a second class action over a data breach exposing the personal details of 10 million customers.