Medibank anticipates a financial hit of $35 million in 2024 due to the fallout from a 2022 data breach. 

The breach, revealed in October 2022, exposed data from 9.7 million customers when attackers acquired credentials from a third-party contractor.

In their recent annual report, Medibank unveiled a total cost of $46.4 million incurred during the 2022-2023 financial year, covering incident response and customer support. 

The projected total cost, excluding regulatory actions or legal proceedings, could surpass $80 million.

Medibank's response to the breach includes establishing a cyber response board committee and reducing short-term incentive payments for CEO and key management personnel by $2.6 million to zero.

The company is currently under scrutiny by the Australian Prudential Regulatory Authority (APRA), which imposed an additional $250 million capital requirement following the breach. 

Furthermore, Medibank faces potential legal action, with up to three class action lawsuits in progress. 

Two customer-led class actions have merged into one, and shareholder lawsuits initiated by Quinn Emanuel and Phi Finney McDonald are being considered for consolidation in the Federal Court.