A class action over a major data breach at Medibank has been filed in the Federal Court this week. 

Law firm Baker & McKenzie filed the class action over the 2022 data breach, which Medibank disclosed in a statement to the Australian Securities Exchange.

“The statement of claim includes allegations of breach of contract, contraventions of the Australian Consumer Law, and breach of equitable obligations of confidence,” Medibank said, adding that it will defend the proceedings.

Medibank was hacked over the course of several weeks in late 2022, and stated that it would not pay the ransom demanded by the attackers at the time.

The attackers made several data dumps in response, including the names, dates of birth, addresses, phone numbers, and email addresses of policy-holders.

It was later confirmed that up to 9,7 million accounts had been stolen, including 5.1 million Medibank customers, 2.8 million customers of Medibank-owned subsidiary AHM and 1.8 million international customers.

Around 160,000 Medibank customers, 300,000 ahm customers, and 20,000 international customers had their health claims data, including provider name and location, and procedure and diagnostic claim codes, exposed. 

The Baker & McKenzie action is separate to an action announced in January and backed by Maurice Blackburn, Centennial Lawyers, and Bannister Law Class Actions.

Home Affairs Clare O’Neil has previously branded the Medibank hackers  “scumbags” and “Russian thugs” after they leaked highly confidential and sensitive medical and health details including treatments from mental health issues and addiction.

The government has since set up a new unit including staff from the Australian Federal Police and Australian Signals Directorate to run a joint standing operation to investigate, target and disrupt cyber-criminal syndicates.

Additionally, Australia is currently leading a ‘Disruption Working Group’ as part of the ‘International Counter Ransomware Initiative’, a multilateral cyber pest control aimed at curbing attacks and hacks.

“Medibank continues to support its customers from the impact of the cybercrime through our previously announced Cyber Response Support Program, which includes mental health and wellbeing support, identity protection and financial hardship measures,” the insurer said.