Date: 2022-12-02

It will see if it has taken reasonable steps to protect customers’ personal data

The Office of the Australian Information Commissioner is investigating the company

Medibank could be fined millions of dollars over the devastating hacking scandal as a government agency investigates whether the health insurer has properly protected its customers’ data.

Russian hackers targeted Medibank in October, stealing millions of private health records and demanding the company pay a $10 million ($A15 million) ransom or the anonymous group would post everything online.

Medibank, Australia’s largest private health insurer, refused to pay the ransom, with the hackers making good on their threat, posting private health claims and personal details of at least 10 million customers on the dark web in the past month.

The Office of the Australian Information Commissioner (OAIC) confirmed on Thursday that it is investigating whether Medibank has taken reasonable steps to protect its customers’ personal information from misuse, interference, loss, unauthorized access, alteration or disclosure.

“If the investigation reveals serious and/or repeated breaches of privacy in breach of Australian privacy law, the Commissioner has the power to seek civil penalties through the Federal Court of up to $2.2 million for each violation,” the OAIC said in a statement.

The OAIC’s pledge to investigate comes after the hacking group released the latest trove of private files on Thursday, dumping a massive 6.4 gigabytes of data onto the dark web.

Medibank said it was still investigating the latest data dump, but thought the files contained names, dates of birth, addresses, phone numbers and email addresses of its customers.

It is feared that the hackers’ latest dump, which is much larger than any other file they’ve posted, could contain the data of all of its 9.7 million customers.

The hackers also hinted in their latest post that their war with Medibank is over.

“Happy Cyber Security Day!!!” the hackers posted next to six zipped folders. ‘Added folder full. Case closed.’

The hackers have been releasing files in a trickle over the past two months, but appear to have finished harassing the private health giant.

Meanwhile, the insurer’s customers are encouraged to seek help through the Medibank helpline and not to engage with scammers claiming to have their private information.

Specialized teams are ready to assist clients who receive scams or threats.

After weeks of releasing bits and pieces of files, the hackers released their latest and largest trove of data to date on Thursday as Medibank refused to comply with their demands.

In a statement following the latest hacker post, Medibank said it was still analyzing the data, which it described as incomplete and difficult to understand.

“We are aware that stolen Medibank customer data has been released on the dark web overnight. We are in the process of analyzing the data, but it appears to be the data that we thought the criminal stole,” the company said.

“As our investigation continues, there are currently no signs that any financial or banking information has been compromised and the stolen personal information alone is not sufficient to enable identity and financial fraud.

“The raw data we have analyzed so far is incomplete and difficult to understand.

“We apologize unreservedly to our customers. We remain committed to full and transparent communication with customers and will continue to reach out to customers whose data has been exposed on the dark web.

“We remain vigilant and encourage everyone to stay alert to suspicious activity online or over the phone.”

All Medibank and ahm customers who require more information are urged to contact the Company’s cyber response hotlines by phone or through an information page on the Company’s website.

Medibank said its customers can also reach experienced and qualified mental health professionals by phone 24/7 for mental health or wellness advice or support, or contact Lifeline, Beyond Blue or their GP.