Medibank faces civil action over cybercrime hit that breached privacy of 9.7 million customers

Medibank faces civil action over cybercrime hit that breached privacy of 9.7 million customers

Photo: Marcus Spiske via Unsplash

Health insurer Medibank Private (ASX: MPL) is facing civil action over a cybercrime incident in 2022 that is said to have breached the privacy of 9.7 million customers.

The Office of the Australian Information Commissioner has filed civil penalty proceedings in the Federal Court against Medibank Private, with the data protection authority alleging that the health insurer failed to take reasonable steps to protect the personal information of these customers from misuse and unauthorised access or disclosure.

The commissioner alleges that from March 2021 to October 2022, Medibank’s actions amounted to a serious interference with the privacy of the customers.

The proceedings follow an investigation initiated by Australian Information Commissioner Angelene Falk after Medibank was the subject of a cyber-attack in which one or more threat actors accessed the personal information of millions of current and former customers, which was subsequently released on the dark web.

“The release of personal information on the dark web exposed a large number of Australians to the likelihood of serious harm, including potential emotional distress and the material risk of identity theft, extortion and financial crime,” says acting Australian Information Commissioner Elizabeth Tydd.

The commissioner notes that Medibank’s business involves collecting and holding customers’ personal and sensitive health information and that in the FY22 financial year the company generated a revenue of $7.1 billion and an annual profit of $560 million.

“We allege Medibank failed to take reasonable steps to protect personal information it held given its size, resources, the nature and volume of the sensitive and personal information it handled, and the risk of serious harm for an individual in the case of a breach,” says Tydd.

 “We consider Medibank’s conduct resulted in a serious interference with the privacy of a very large number of individuals.”

Medibank confirmed the civil action in a brief announcement to the ASX this morning.

“Medibank intends to defend the proceedings,” says the company.

Medibank faces a civil penalty of up to $2.22 million for each contravention of section 13G of the Privacy Act.

Privacy Commissioner Carly Kind says organisations that collect, use and store personal information “have a considerable responsibility to ensure that data is held safely and securely”.

“That is particularly the case when it comes to sensitive data,” she says.

“This case should serve as a wakeup call to Australian organisations to invest in their digital defences to meet the challenges of an evolving cyber landscape.

“Organisations have an ethical as well as legal duty to protect the personal information they are entrusted with and a responsibility to keep it safe.”

Enjoyed this article?

Don't miss out on the knowledge and insights to be gained from our daily news and features.

Subscribe today to unlock unlimited access to in-depth business coverage, expert analysis, and exclusive content across all devices.

Support independent journalism and stay informed with stories that matter to you.

Subscribe now and get 50% off your first year!

Four time-saving tips for automating your investment portfolio
Partner Content
In today's fast-paced investment landscape, time is a valuable commodity. Fortunately, w...
Etoro
Advertisement

Related Stories

“Not our desired outcome”: Telix withdraws from $300m Nasdaq IPO

“Not our desired outcome”: Telix withdraws from $300m Nasdaq IPO

Telix Pharmaceuticals (ASX: TLX), one of the nation’s largest...

CommBank joins new ‘intelligence loop’ to combat SMS phishing scams

CommBank joins new ‘intelligence loop’ to combat SMS phishing scams

In an effort to reduce the number of SMS phishing scam victims...

Stralis Aircraft secures funding to make commercial hydrogen planes a reality

Stralis Aircraft secures funding to make commercial hydrogen planes a reality

Brisbane-based Stralis Aircraft has become one step closer to its a...

‘Gone the long yards’: Luxury boatbuilder Maritimo a stayer in local manufacturing

‘Gone the long yards’: Luxury boatbuilder Maritimo a stayer in local manufacturing

In an era when Australia’s mass-production car industry is a ...