Medibank hit continues
Medibank anticipates a financial hit of $35 million in 2024 due to the fallout from a 2022 data breach.
The breach, revealed in October 2022, exposed data from 9.7 million customers when attackers acquired credentials from a third-party contractor.
In their recent annual report, Medibank unveiled a total cost of $46.4 million incurred during the 2022-2023 financial year, covering incident response and customer support.
The projected total cost, excluding regulatory actions or legal proceedings, could surpass $80 million.
Medibank's response to the breach includes establishing a cyber response board committee and reducing short-term incentive payments for CEO and key management personnel by $2.6 million to zero.
The company is currently under scrutiny by the Australian Prudential Regulatory Authority (APRA), which imposed an additional $250 million capital requirement following the breach.
Furthermore, Medibank faces potential legal action, with up to three class action lawsuits in progress.
Two customer-led class actions have merged into one, and shareholder lawsuits initiated by Quinn Emanuel and Phi Finney McDonald are being considered for consolidation in the Federal Court.