Medibank will hold its annual general meeting on Wednesday in the middle of the huge data hack that has left the company in turmoil.
The board is expected to face a grilling from shareholders at the meeting, a month on from hackers stealing personal information from all of the health insurer’s 9.7 million former and current customers.
Medibank shares sat at $3.55 before the hack and dropped as low as $2.75, as directors refused to pay a $US9.7 million (almost $A15 million) ransom.
Shareholders are expected to vote on performance bonuses for Medibank’s executives and re-elect directors.
The hackers, who police said late last week were from Russia, have indicated they’ll be watching the meeting to see if the insurer opts to take a different course regarding the stolen data.
Releasing their latest batch of stolen information – 500 records for people’s mental illness diagnoses – the hackers said they wouldn’t post more until the meeting was over.
“There is some more records for everybody to know,” they earlier wrote in an update.
“We’ll announce that next portion of data we’ll publish at Friday, bypassing this week completely in a hope something meaningful happened on Wednesday.”
A 100 officer-strong, standing cybercrime operation targeting the hackers will be led by the Australian Federal Police and Australian Signals Directorate.
Data including names, phones numbers, Medicare numbers and sensitive health information were taken by the hackers during the breach.
The insurer could yet face legal action, with law firm Maurice Blackburn confirming it was reviewing if affected customers could be eligible for compensation.
“Companies that hold their customers’ sensitive health information have an important obligation to make sure that information is safeguarded, commensurate with the sensitivity of that data,” principal lawyer Andrew Watson said.
“Medibank have a heightened responsibility to put in place greater safeguards to secure the personal and health claim information it collected from its customers.”
© AAP 2022