Legislation introduced in the wake of massive cyberattacks against Optus and Medibank that will increase penalties for serious privacy law violations to $50 million has sailed through the House just two weeks after being introduced.
A class action investigation over the data breach that exposed the personal information of almost 10 million Medibank customers is underway, with two law firms teaming up to probe whether the private health insurer is liable for damages.
Medibank will not pay a ransom to a criminal who stole the data of 9.7 million customers, saying it would encourage extortion.
Medibank’s woes worsened Wednesday as the insurer revealed data for all 4 million of its current and former customers had been accessed during a cyberattack after initially reporting no customer data had been exposed.
The fallout from a cyberattack against Medibank continues, with the health insurer revealing sensitive claims data was accessed for customers of its main Medibank branch.
Companies will face penalties of up to $50 million for serious privacy law breaches under legislation to be introduced the Attorney-General following data breaches by Optus, Medibank and Woolworths unit MyDeal.
A criminal has accessed sensitive Medibank customer data, including claims information, following a recent cyberattack.
The public and political response to the Optus incident, including the federal government’s announcement of urgent privacy law reform, suggests there may now be an appetite to test obstacles to data breach class actions, or for the government to legislate around them, say Allens lawyers Kate Austin, Valeska Bloch, Isabelle Guyot and Andrew Burns.
Woolworths unit MyDeal has begun contacting 2.2 million customers whose data has been compromised in the latest data breach to hit a major Australian company.
Medibank has become the latest company to fall prey to a cyberattack, but the health insurer says so far there’s no indication customer data has been compromised.