Medibank shareholders have taken legal action against the private health insurer for not disclosing alleged cyber security “deficiencies”.
The class action was filed in the Supreme Court of Victoria and served on Medibank on Wednesday.
Medibank reported the massive data breach in October last year after Russian hackers stole the sensitive health records of almost 10 million Australians.
In a statement, Medibank said the proceedings were being brought by legal firm Quinn Emanuel on behalf of shareholders who acquired an interest between July 1, 2019 to October 19, 2022.
“The statement of claim includes allegations that Medibank breached its continuous disclosure obligations under the Corporations Act 2001 and ASX Listing Rules by not disclosing to the market information relating to alleged deficiencies in its cyber security systems,” the statement reads.
The cybercriminals have since dumped all the customer information they stole from the health insurer on the dark web after demanding a ransom be paid.
Medibank refused to pay the money, a decision supported by the federal government.
It follows Maurice Blackburn launching a compensation claim against the health insurer over the hack.
The government last year introduced tough new penalties for serious or repeated data breaches, to whichever is the greater of $50 million, 30 per cent of the company’s turnover in the relevant period, or three times the value of any benefit gained from the stolen data.