APRA pressures Medibank on cyber enhancements post-breach
By 
Kyle Brasseur2023-06-28T13:18:00
The Australian Prudential and Regulation Authority (APRA) will require Medibank Private to hold 250 million Australian dollars (U.S. $166 million) in extra capital until the insurer remediates identified cybersecurity weaknesses after a significant data breach.
The action by APRA, announced Tuesday, follows a cyber incident last year in which 9.7 million past and present Medibank customers had their data stolen by a hacker. The data exposed included first and last names, addresses, dates of birth, Medicare numbers, policy numbers, phone numbers, and some claims data.
The incident was one of the most significant data breaches ever experienced in Australia, said APRA, the country’s prudential regulator of the financial services industry.
Related articles
-
PremiumNAVEX report: Driven by cyber threats, infosec compliance top of mind
Compliance teams are taking more responsibility for issues related to information security and data privacy, motivated by increasing threats posed by data breaches and cyber intrusions, according to a new survey from NAVEX.
-
PremiumShades of SolarWinds in lessons from MOVEit hack
A ransomware attack affecting some of the U.K.’s largest corporations has highlighted once again how exposed organizations can be if the levels of cybersecurity used by their third parties are not as strong as expected.
-
PremiumVerizon report: Lion’s share of data breaches linked to organized crime
About 83 percent of data breaches are perpetrated by external bad actors and not employees, with 70 percent of those breaches linked to organized crime groups with financial motives, according to the latest research.
More from Regulatory Enforcement
-
ArticleSeven years in, GDPR faces growing challenges from AI and ‘consent or pay’ models
Europe’s pioneering data protection legislation turned seven years old in May, but the compliance and enforcement difficulties that have dogged the rules since they came into force look set to present both companies and data regulators with fresh headaches for some time to come.
-
News BriefDOJ charges crypto executive with laundering $530M for sanctioned Russian banks
The Department of Justice has charged the founder of cryptocurrency company Evita with 22 violations for allegedly laundering more than $500 million through U.S. banks and cryptocurrency exchanges, on behalf of sanctioned Russian entities.
-
News BriefSEC Chair Atkins signals end to ‘regulation by enforcement’ in line with Trump’s pro-crypto agenda
The Securities and Exchange Commission Chair Paul Atkins explained his agency’s shift on cryptocurrency regulation to a Senate committee as legislators bargain over President Donald Trump’s “One Big Beautiful Bill” and the GENIUS Act, which would have the federal government invest heavily in cryptocurrency.