Site icon News-EN

The Australian regulator is filing a lawsuit against Medibank over data leaks

yahoo default logo 1200x1200


SYDNEY (Reuters) – Australia’s privacy regulator said on Wednesday it had filed a lawsuit against the country’s largest health insurer, Medibank, over a data breach that exposed personal information of millions of customers on the dark web.

In a civil criminal action filed in the Federal Court, Australia’s Information Commissioner said Medibank had “seriously interfered” with the privacy of Australians by failing to take reasonable steps to protect data from misuse.

Medibank announced in 2022 that a hacker had stolen the personal data of 9.7 million current and former customers and released it on the dark web in one of Australia’s largest data thefts.

“We allege that Medibank failed to take reasonable steps to protect the personal information it held, given the size, resources, nature and volume of the sensitive and personal information it processed, and the risk of serious harm to an individual in the event of a breach. said Acting Commissioner Elizabeth Tydd.

The Federal Court may impose a civil penalty of up to A$2.22 million ($1.48 million) for each breach of the Privacy Act.

Australia’s banking regulator last year told Medibank to set aside A$250 million in additional capital, citing information security weaknesses identified after the breach.

Medibank said in a statement to the Australian Stock Exchange that it plans to defend the lawsuit.

Tydd said in a statement that the case should serve as a wake-up call for Australian businesses to invest more in their digital defenses to thwart cyber threats.

Australia has seen a spike in cyber intrusions over the past two years, prompting the government to reform security rules and set up an agency to oversee government investments and help coordinate responses to hacker attacks.

($1 = 1.5044 Australian dollars)

(Reporting by Renju Jose in Sydney; Editing by Lincoln Feast)

Exit mobile version