(Reuters) – Medibank Private Ltd. was slapped with a second class action lawsuit related to its disclosures on its cyber security systems leading up to a data breach last year, Australia’s largest health insurer said on Wednesday.
Last October, Medibank disclosed that a hacker had gained data of 9.7 million current and former customers and released the data on the dark web.
The company breached its disclosure obligations by not revealing information regarding the alleged deficiencies in its cyber security systems, U.S.-based law firm Quinn Emanuel Urquhart & Sullivan alleged in its class action lawsuit.
Medibank said it intends to defend itself, while Quinn Emmanuel did not respond immediately for comment.
A similar lawsuit was filed in early February by law firm Baker & McKenzie, which alleged a breach of contract and contraventions of Australian consumer law.
Medibank was one of the many Australian companies that have been targeted by hackers since September last year, with Rio Tinto and Latitude Group the latest additions.
Medibank’s shares ended 0.3% higher on Wednesday. The stock has fallen about 3.8% since it disclosed the hack last October.