Medibank Faces Civil Penalty Proceedings Over Data Breach

Medibank Faces Civil Penalty Proceedings Over Data Breach

RIMPA Global CEO, Anne Cornish said, "Privacy is an issue for all businesses and this action further demonstrates the importance and value of effective records management.

Ensuring that an organisation has trained resources to apply required processes and procedures can minimise the risk of what has occurred to Medibank.

Effective records management is required by every business and rules do not just apply to government. Large private enterprises manage excessive amounts of our personal and private information so why aren’t they looking after it effectively?”

The Office of the Australian Information Commissioner (OAIC) has initiated civil penalty proceedings against Medibank, the insurer announced on Wednesday morning.

In a brief financial filing, Medibank stated its intention to "defend the proceedings." The action stems from an investigation into a data breach that affected 9.7 million current and former customers.

Acting Australian Information Commissioner Elizabeth Tydd commented on the severity of the breach, noting that the leak of stolen data to the dark web "exposed a large number of Australians to the likelihood of serious harm, including potential emotional distress and the material risk of identity theft, extortion and financial crime."

For further details, please refer to the official financial filing available here.