In response to Medibank’s data breach in October, three Australian legal firms are working together on a “landmark” lawsuit. All three firms, Maurice Blackburn Lawyers, Bannister Law Class Actions, and Centennial Lawyers, will work together to pursue compensation for clients who have been harmed.

To get the money, they’ll specifically pursue a complaint they’ve already filed with the Australian Information Commissioner’s (OAIC) office. In November, Maurice Blackburn filed a formal representative complaint with OAIC, the agency with power to issue the compensation mandate.

On Monday, the three law firms involved in the class action litigation issued a joint statement saying that “tens of thousands” of impacted clients have signed up to participate.

In October, Medibank reported a security breach that exposed the personal information of 9.7 million active and inactive clients, including 1.8 million from other countries. If the health insurance company did not pay the ransom, the hackers threatened to release all of the stolen information on the dark web.

Similar incidents, such as the one at Optus, caused the Australian government to call for stricter sanctions, including those related to data security. In the end, the laws were changed such that the maximum penalties for major or repeated breaches is now AU$50 million, or three times the value of any gain acquired via the data abuse, or 30% of the company’s adjusted turnover in the relevant period, whichever is larger.

Principal of Bannister Law Class Actions, Charles Bannister, hopes that the cooperation between the two firms will result in prompt compensation payouts to Medibank customers who were affected by the incident. Bannister said that the breach was a violation of the Privacy Act and a betrayal of Medibank’s consumers. “Medibank has an obligation to protect patient privacy with regard to information of this nature.”

George Newhouse, an adjunct professor at Centennial Lawyers, chimed in that the incident exposed a lack of controls that should have been in place to prevent hackers from accessing private and sensitive data.

Andrew Watson, head of class actions at Maurice Blackburn, called the arrangement between the legal firms a “major move,” since it would ensure that the three firms worked together toward a similar aim of recovering compensation as swiftly as feasible.

Additionally, Maurice Blackburn has lodged a representative complaint with the OAIC against Optus for the latter’s data breach.