Posted: 2024-06-04 22:42:27

Australia’s privacy watchdog is suing health insurance giant Medibank following its October 2022 data breach, alleging the company breached the nation’s privacy laws and exposed its customers to a risk of identity theft, extortion and financial crime.

The Office of the Australian Information Commissioner (OAIC) has filed civil proceedings in the Federal Court against Medibank, following the hack that affected nearly 10 million current and past Medibank customers who had their information released on the dark web.

The watchdog alleges Medibank failed to take reasonable steps to protect customers’ personal information from misuse and unauthorised access, in breach of Australia’s Privacy Act.

The watchdog alleges Medibank failed to take reasonable steps to protect customers’ personal information from misuse and unauthorised access, in breach of Australia’s Privacy Act.Credit: Steven Siewert

The watchdog alleges Medibank failed to take reasonable steps to protect customers’ personal information from misuse and unauthorised access, in breach of Australia’s Privacy Act, alleging one contravention of the Act for each of the 9.7 million affected customers.

The company is facing potential penalties of up to $2.22 million for each contravention of section 13G of the Privacy Act, which states “the entity repeatedly does an act, or engages in a practice, that is an interference with the privacy of one or more individuals”.

“The release of personal information on the dark web exposed a large number of Australians to the likelihood of serious harm, including potential emotional distress and the material risk of identity theft, extortion and financial crime,” Australian Information Commissioner Elizabeth Tydd said on Wednesday.

Loading

“We allege Medibank failed to take reasonable steps to protect personal information it held, given its size, resources, the nature and volume of the sensitive and personal information it handled, and the risk of serious harm for an individual in the case of a breach.

“We consider Medibank’s conduct resulted in a serious interference with the privacy of a very large number of individuals.”

In October 2022, criminals accessed basic account details of 9.7 million current and former Medibank customers, as well as the health claim data for about 160,000 Medibank customers, 300,000 customers of its budget arm, ahm, and 20,000 international customers. It was one of the worst cyber breaches ever reported in Australian history.

View More
  • 0 Comment(s)
Captcha Challenge
Reload Image
Type in the verification code above