TheJakartaPost
Please Update your browser
Your browser is out of date, and may not be compatible with our website. A list of the most popular web browsers can be found below.
Just click on the icons to get to the download page.
Australia regulator files lawsuit against Medibank over data breach
In its lawsuit, the Australian Information Commissioner said Medibank "seriously interfered" with the privacy of Australians by failing to take reasonable steps to protect data from misuse.
Change text size
Gift Premium Articles
to Anyone
Share the best of The Jakarta Post with friends, family, or colleagues. As a subscriber, you can gift 3 to 5 articles each month that anyone can read—no subscription needed!
People walk past a shop front for Australia's largest health insurance company Medibank in Sydney in this file photo taken on Nov. 11, 2022. Russian hackers carried out a cyberattack on Medibank that breached the data of 9.7 million people, including the country's prime minister, police said. (AFP/Muhammad Farooq)
A
ustralia's privacy regulator said on Wednesday it had filed a lawsuit against the country's biggest health insurer Medibank over a data breach that exposed personal information of millions of customers on the dark web.
In civil penalty proceedings filed in the Federal Court, the Australian Information Commissioner said Medibank "seriously interfered" with the privacy of Australians by failing to take reasonable steps to protect data from misuse.
Medibank in 2022 disclosed a hacker stole the personal data of 9.7 million current and former customers and released it on the dark web in one of Australia's biggest data thefts.
"We allege Medibank failed to take reasonable steps to protect personal information it held given its size, resources, the nature and volume of the sensitive and personal information it handled, and the risk of serious harm for an individual in the case of a breach," Acting Commissioner Elizabeth Tydd said.
The Federal Court can impose a civil penalty of up to A$2.22 million (US$1.48 million) for each violation of the Privacy Act.
Australia's banking regulator told Medibank last year to set aside A$250 million in extra capital, citing weaknesses identified in its information security after the breach.
Medibank, in a statement released to Australia's stock exchange, said it intends to defend the lawsuit.
Tydd said in a statement the case should serve as a wakeup call to Australian companies to invest more in their digital defenses to thwart cyber threats.
Australia has seen a spike in cyber intrusions over the last two years, prompting the government to reform security rules and set up an agency to oversee government investment and help coordinate responses to hacker attacks.
