Medibank is facing more legal action over its large data breach. 

Medibank, one of Australia's largest medical insurers, is facing a new lawsuit, this time from shareholders. A class action was filed in the Supreme Court of Victoria on Monday.

The suit alleges that Medibank breached its continuous disclosure obligations under the Corporations Act 2001 and ASX Listing Rules by not disclosing to the market information about alleged deficiencies in its cyber security systems. 

The legal action covers the period from July 1, 2019, to October 19, 2022, and is being brought by Quinn Emanuel on behalf of persons who acquired an interest in Medibank shares during that time.

In response, Medibank said it intends to contest the allegations.

This is the second class action filed against the company over the data breach. In February, a separate suit was filed on behalf of current and former customers whose data was breached in the attack.

Medibank disclosed the data breach in October 2022 after attackers attempted to extort money out of the company. When Medibank refused to pay, the attackers made a series of dark web data dumps that ended at the end of November.

“Medibank understands that these proceedings have been brought on behalf of persons who acquired an interest in Medibank shares during the period July 1, 2019, to October 19, 2022, and is being brought by Quinn Emanuel,” the company said in a statement. 

“Medibank intends to defend the proceedings and denies any wrongdoing.”

The company said it takes the privacy of its customers and the security of their data seriously and has implemented measures to enhance its cybersecurity systems since the breach.