Australia’s largest health insurer Medibank has faced a cyberattack, compromising the personal data of all its four million customers.
The revelation from Medibank comes at a time when the Anthony Albanese-headed government introduces legislation increasing penalties against companies erring on cybersecurity and data protection fronts.
Medibank said that the breach affected some “significant amounts of health claims’ data”. The incident also resulted in the halting of trading in the company’s shares. As per the police complaint, the thief has demanded a ransom from the company in exchange for the data related to customers’ diagnoses and treatments record.
As per the Australian government’s latest cybersecurity regulation reforms, the penalties for serious Privacy Act breaches will increase from 2.2 million to 50 million Australian dollars (USD 1.4m to USD 32m). The erring businesses can also be fined up to 30% of their revenues in serious cases.
The government intervention comes after a series of data thefts targeted toward high-profile businesses within the country.
Data of nearly 10 million current and former customers of Optus were stolen recently, affecting over one-third of Australia’s 26 million population.
In another such incident, online retail company MyDeal lost the data of its 2.2 million customers.
Medibank has also said that it lacks cyber insurance and this cyberattack will reduce the health insurer’s earnings by some 25-35 million Australian dollars by 2023. After the incident, its shares went down by more than 14%.