Three law firms have joined forces to launch a data breach legal case against health insurance company Medibank.
This comes after the personal data of about 9.7 million customers was leaked by hackers last year.
Maurice Blackburn Lawyers, Bannister Law Class Actions and Centennial Lawyers have united for the case.
Let's take a look at what the law firms are seeking and who will benefit.
What is the purpose of the action?
About 9.7 million current and former customers had their data accessed by criminals.
The law firms are seeking compensation for Medibank and ahm health insurance customers who had their names, emails, mental health information and other data leaked.
A complaint was lodged with the Office of the Australian Information Commissioner by Maurice Blackburn in November.
The law firms say they will now pursue the complaint seeking compensation for those affected by the data breach.
Bannister Law Class Actions principal Charles Bannister says they believe the breach was a "betrayal" and a breach of the Privacy Act.
He says it exposed a "lack of safeguards" and Medibank had "failed policyholders".
The firms say they have "tens of thousands of Medibank customers" registered for the class action.
Maurice Blackburn has also launched an investigation into a class action against Optus following its data breach first reported in September.
How long could it take and how will it work?
It is expected this case will be quicker than a traditional adversarial class action.
University of New South Wales law professor Michael Legg says this is because it will not be going through the federal court.
Instead, the breach will be pursued under the Privacy Act with the Office of the Australian Information Commissioner.
This means it will not go through the federal court like a typical class action.
He says the commissioner needs to determine not just that Medibank is liable, but also the manner in which a customer is liable to establish how much compensation they are entitled to.
The commissioner may require a standard amount be paid for each person who had particular types of data compromised and additional amounts depending on proof of particular losses, Professor Legg says.
He says it will not be necessary for the law firms to name or say how many people are involved in the action.
But they will likely need to create a process where people can come forward and give information to establish their loss or damage.
Do I need to be in the class action to benefit?
Customers do not have to register with the law firms to benefit from the complaint, a Maurice Blackburn spokesperson says.
However, they encourage people to register to help them understand the size of the complaint.
Professor Legg says if a customer comes forward and provides the information necessary for compensation to be calculated, then they should be entitled to it.
However, he says the law firms will look specifically at the claims of those who have registered with them.
Therefore, if you did not register and had a case that was vastly different from anyone else, it may be difficult for that to be taken into account.
What is Medibank saying about it?
A Medibank spokesperson says the company will continue to cooperate with the OAIC and its going investigation.
Medibank says it will continue to support its customers from "the impact of this crime" through its cyber response support program.
The program includes mental health and wellbeing support, identity protection and financial hardship measures.
What is the significance of this case?
Professor Legg says this case has the ability to set a precedent for data breach cases in Australia, which is becoming an increasingly larger area of law.
He says the law firms will be interested in establishing a track record in this space.
It will also be noteworthy if the case fails or only a small compensation is granted.
Professor Legg says this may provide ammunition to call for a more effective course of action to pursue data breach complaints.