cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Investigation into Medibank launched, could face millions in fines

An investigation into the Medibank data breach has been opened, which could see the health insurer heavily fined.

user icon Daniel Croft
Fri, 02 Dec 2022
Investigation into Medibank launched, could face millions in fines
expand image

The Office of the Australian Information Commissioner (OAIC) will be investigating Medibank’s “personal information handling practices”.

“The OAIC’s investigation will focus on whether Medibank took reasonable steps to protect the personal information they held from misuse, interference, loss, unauthorised access, modification or disclosure,” said the OAIC in a statement.

“The investigation will also consider whether Medibank took reasonable steps to implement practices, procedures and systems to ensure compliance with the Australian Privacy Principles (APPs).”


If the OAIC finds that Medibank’s data handling procedures interfered with customer privacy, then the commissioner may impose changes that would prevent the security issue from continuing or future breaches occurring.

Furthermore, if the investigation finds that this is a serious or repeated breach, Medibank could face penalties of $2.2 million for each violation.

While it won’t affect Medibank, in response to the recent data breaches, the government has just passed a bill that would raise the fine for serious or repeated breaches from $2.2 million to $50 million.

The launch of the investigation comes just after the Medibank hackers have seemingly given up, after they posted what is assumed to be the rest of the data.

The hackers claimed to have stolen 200GB worth of data compressed down to 5GB, and the final dump of data contained 5GB of compressed data.

Furthermore, in the post, the hackers stated, “Happy Cyber Security Day!!! Added folder full. Case closed.”

The hackers had demanded a ransom of $15.6 million, which with support from the government, Medibank refused to pay.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.