The Australian Information Commissioner announced Wednesday (Jun. 5) that it filed a lawsuit against Medibank, the country's biggest health insurer, over a data breach that exposed personal information of millions of its customers and released it on the dark web.
Reuters reported that the regulator filed a civil penalty lawsuit in the Australian Federal Court, stating that Medibank "seriously interfered" with Australians' privacy by failing to take responsible steps to protect data from misuse.
Acting Information Commissioner Elizabeth Tydd said in a statement that the Medicare incident should be a wake-up call to Australian companies to invest more in cybersecurity.
Australia's Cybersecurity Issues
It could be recalled that the insurer disclosed in 2022 that a lone-wolf Russian hacker stole the personal data of 9.7 million current and former customers, making it one of the biggest data thefts in Australian history.
Australian public broadcaster ABC reported that the Medibank hack sits alongside incidents that affected local telco firms Optus and Latitude Financial.
Meanwhile, News.com.au reported that Australian Foreign Minister Penny Wong announced sanctions against the Russian hacker Aleksandr Ermakov over his alleged role in the data breach.
If found guilty, the Federal Court could impose a civil penalty of up to A$2.22 million ($1.48 million) for each violation of the country's Privacy Act.
The country's banking regulator also told Medibank to allot A$250 million ($166.5 million) in capital after finding weaknesses in its information security after the breach.
Join the Conversation