(Reuters) – Medibank Private Ltd. was hit with a second class action related to its disclosures about its cyber security systems that led to a data breach last year, Australia’s largest health insurer said on Wednesday.
In October last year, Medibank revealed that a hacker had obtained the data of 9.7 million current and former customers and released the details on the dark web.
The company breached its disclosure obligations by failing to disclose information about the alleged flaws in its cybersecurity systems, US-based law firm Quinn Emanuel Urquhart & Sullivan alleged in its class action lawsuit.
Medibank said it intends to defend itself, while Quinn Emmanuel did not immediately respond to a request for comment.
A similar lawsuit was filed in early February by law firm Baker & McKenzie, alleging breach of contract and breach of Australian consumer law.
Medibank was one of the many Australian companies targeted by hackers since September last year, with Rio Tinto and Latitude Group the latest additions.
Medibank̵7;s stock ended 0.3% higher on Wednesday. The stock has fallen about 3.8% since it disclosed the hack last October.