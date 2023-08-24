Data breach could cost Medibank $35 million in 2024

By

Excluding regulatory action, lawsuits.

Medibank’s 2022 data breach cost the health insurer $46.4 million in the 2022-2023 financial year, and the total cost by next year could pass $80 million.

Data breach could cost Medibank $35 million in 2024

The company disclosed the rising costs in its 2022-2023 annual report released today [pdf].

The costs already incurred covered Medibank’s incident response and its customer support package.

“We expect $30 million to $35 million in 2024 for further IT security uplift, legal costs and other costs related to regulatory investigations and litigation,” Medibank said.

“This does not include the impacts of any potential findings or outcomes from regulatory investigations or litigation”.

The data breach, which emerged in October 2022, occurred when attackers obtained the credentials of a third-party contractor. That resulted in the leak of information on 9.7 customers.

In June, the Australian Prudential Regulatory Authority launched a  “targeted technology review” and imposed an extra $250 million capital requirement on Medibank in the wake of the data breach.

As part of its response, the annual report stated, Medibank established a cyber response board committee comprising board chairman Mike Wilkins, CEO David Koczkar, and risk management committee chair David Fagan.

The annual report also reveals that the CEO and key management personnel had their short term incentive payments reduced by $2.6 million to zero over the incident.

Medibank also revealed that as well as the regulatory investigation underway by the Office of the Australian Information Commissioner, it faces as many as three class action lawsuits over the data breach.

Two class actions on behalf of customers led by Baker and McKenzie and Slater and Gordon have been combined into a single lawsuit.

Meanwhile, shareholder lawsuits have been launched by Quinn Emanuel and Phi Finney McDonald. An application has been made in the Federal Court to combine these into a single action.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
data breachmedibanksecuritystrategy

Sponsored Whitepapers

Unveiling the Invisible Threat: Mastering the Art of Conveying Cyber Risks to Boards
Unveiling the Invisible Threat: Mastering the Art of Conveying Cyber Risks to Boards
Transforming Your Business
Transforming Your Business
Operational Excellence Through System Modernisation
Operational Excellence Through System Modernisation
The Complete Cloud Security Buyer's Guide
The Complete Cloud Security Buyer's Guide
The Complete MDR Buyer's Guide
The Complete MDR Buyer's Guide

Most Read Articles

Toll Government and Defence targets second phase of IT modernisation

Toll Government and Defence targets second phase of IT modernisation
Latitude Financial flags $76 million in cyber incident costs

Latitude Financial flags $76 million in cyber incident costs
SA Power Networks seeks $314m ICT budget

SA Power Networks seeks $314m ICT budget
Endeavour Group targets $200m savings with three-year tech program

Endeavour Group targets $200m savings with three-year tech program

Digital Nation

DeepAI founder on the risks of artificial intelligence
DeepAI founder on the risks of artificial intelligence
COVER STORY: What AI regulation might look like in Australia
COVER STORY: What AI regulation might look like in Australia
How eBay uses interaction analytics to improve CX
How eBay uses interaction analytics to improve CX
More than half of loyalty members concerned about their data
More than half of loyalty members concerned about their data
Health tech startup Kismet raises $4m in pre-seed funding
Health tech startup Kismet raises $4m in pre-seed funding

Log In

  |  Forgot your password?