Australia’s largest health insurer, Medibank, is facing a lawsuit filed by the country’s privacy regulator after a significant data breach compromised the personal details of millions of individuals.

The Australian Information Commissioner has brought civil penalty claims in the Federal Court, alleging that Medibank neglected Australians’ privacy rights by failing to take adequate measures to safeguard their data from being stolen and misused by bad actors.

As reported by Reuters, acting Commissioner Elizabeth Tydd said:

“We allege Medibank failed to take reasonable steps to protect personal information it held given its size, resources, the nature and volume of the sensitive and personal information it handled, and the risk of serious harm for an individual in the case of a breach.”

Two years ago, Medibank reported a cyberattack in which an online criminal accessed and released the personal data of 9.7 million current and former customers. The information was then posted on the dark web in a data breach that stands as one of the most substantial in Australian history. The Federal Court in Australia holds the authority to impose a civil penalty of up to A$2.22 million (approximately $1.48 million USD) for each violation of the country’s Privacy Act.

In response to the breach, Australia’s banking regulator required Medibank to allocate an additional A$250 million in capital due to identified weaknesses in its information security protocols. Despite the allegations, Medibank has publicly stated its intention to contest the legal action.

The Commissioner emphasised that this case should act as a critical reminder for Australian companies to bolster their digital defences against cyber threats.

Over the past two years, Australia has experienced a surge in cyber intrusions, prompting the government to implement security reforms and establish an agency dedicated to overseeing government investments and coordinating responses to cyberattacks.

Know the risks

The lawsuit faced by Medibank illustrates the urgent need for robust cybersecurity measures and proactive risk management strategies to protect sensitive information and maintain regulatory compliance in an increasingly digital world.

The themes take centre stage this October at #RISK London, where industry leaders explore the importance of regulatory compliance, ethical responsibility, and user-centric practices in data processing standards in the AI era.

#RISK London 2024

We’re excited to share that #RISK is back in London for its third consecutive year, ready to equip attendees like you with the knowledge, insights, and connections crucial for navigating today’s dynamic risk landscape.


#RISK London 2024, 9-10 October, ExCel - GRC. AI. Privacy. Security. RegTech

Key #RISK London sessions include:

Beyond Compliance: Building a Culture of Privacy by Design

Location: PrivSec Theatre

This session will delve into the concept of “Privacy by Design,” a proactive approach that integrates privacy considerations into every stage of product development and data processing. 

Experts will explore strategies for fostering a culture of privacy within organisations, from employee awareness training to implementing data minimisation practices.

The Evolving Regulatory Landscape: Staying Compliant in a Complex World

Location: Risk Theatre

This session provides insights into the rapidly evolving regulatory landscape impacting risk management practices. 

Experts will discuss regulations like GDPR, CCPA, and DORA, outlining their implications for businesses and providing strategies for achieving compliance.


These are just two of the exclusive sessions taking place at #RISK London this October.


Discover more at #RISK London

Taking place October 9 and 10 at London’s ExCel, #RISK London brings high-profile subject-matter experts together for a series of keynotes, engaging panel debates and presentations across four separate theatres:

• GRC Theatre

• RegTech Theatre

• PrivSec Theatre

• Risk Theatre 

Each theatre is dedicated to examining the challenges and opportunities that businesses face in times of unprecedented change.

By breaking down silos and aligning systems and workflows, organisations can streamline decision-making, improve efficiencies, and enhance the customer experience.

Attendees will be able to learn how to mitigate risks, reduce compliance breaches, and drive performance.

“#RISK is such an important event as it looks at the broad perspective. Risks are now more interconnected and the risk environment is bigger than ever before.” Michael Rasmussen, GRC Analyst & Pundit, GRC 20/20 Research
