Australia regulator tells Medibank to set aside $167 million after data breach

SYDNEY (Reuters) – Australia’s banking regulator told insurer Medibank (MPL.AX) on Tuesday it would have to set aside A$250 million ($167 million) in extra capital, citing weaknesses identified in its information security after a major hacking breach.

Shares of the country’s biggest health insurer fell as much as 4.6% to mark their worst intraday drop since late October last year. They were last trading at their lowest level since May 3.

Medibank last year disclosed that a hacker stole the personal information of 9.7 million current and former customers and released the data on the dark web in one of Australia’s biggest data thefts.

At least three separate class action suits have been filed against the company in Australian courts on behalf of affected customers.

The Australian Prudential and Regulation Authority (APRA) said the capital adjustment would be effective from July 1 and remain in place until an agreed remediation programme is completed by Medibank to the regulator’s satisfaction.

“In taking this action, APRA seeks to ensure that Medibank expedites its remediation programme,” said Suzanne Smith, an APRA executive board member.

In a statement, Medibank said it had sufficient existing funds to meet the capital adjustment and would continue to work with APRA on remediation measures.

Citigroup analyst Nigel Pittaway said Medibank had enough funds to “relatively easily deal” with the impost.

“We already expected capital returns would be unlikely in this environment given the focus after the cyberattack,” he said. “APRA’s imposition of an increase in Medibank’s capital adequacy requirement … confirms that, aside from its ordinary dividend, Medibank will be unable to return capital to shareholders in the near term.”

Although Medibank has already addressed the specific control weaknesses that permitted unauthorised access to its systems, it still has more work to do across a number of areas to boost its security environment and data management, APRA said.

The regulator’s action is likely to “raise concerns about further potential cyberattack related impacts” on Medibank, Pittaway said.

APRA will also conduct a targeted technology review of Medibank, with a focus on governance and risk culture.

Australia has seen a rise in cyber intrusions since late last year, prompting the government in February to reform security rules and set up an agency to oversee government investment and help coordinate responses to hacker attacks.

The federal government last week named a senior air force commander as its first cybersecurity boss.

Image by: REUTERS/David Gray/File Photo

Shopping Cart

Media Kit

    Data Protection

    Personal Data (“Data”) submitted for Media Kit (“Media Kit”), and/or collected in the form of first name, last name, email address and other contact details may be used for the purposes of inviting you to future events and for reaching out to you with content which may be of interest to you. For these purposes, The Digital Banker will share the Data with our associate companies (including event and content sponsors) to promote their products and services. You will also be automatically subscribed as a user on www.thedigitalbanker.com. If you would like to opt-out, email us at [email protected].

    By clicking Submit, you acknowledge that you consent/ have sufficient informed consent to the collection, use and disclosure of Data as set out above.

    The Digital Banker Summit

    Moving on from FTX: is 2023 the year of CBDCs?

    Indonesia, Jakarta

    Thailand, Bangkok

    Philippines, Manila

    Contact Us

      Data Protection

      The information you provide will be held on our database and may be used to keep you informed of our and our associate companies’ products and for selected third party mailings. Please tick the box if you would prefer not to be contacted for these purposes:

      Request Nomination Pack

        Data Protection

        The information you provide will be held on our database and may be used to keep you informed of our and our associate companies’ products and for selected third party mailings. Please tick the box if you would prefer not to be contacted for these purposes:

        Registration Form

          Data Protection

          The information you provide will be held on our database and may be used to keep you informed of our and our associate companies’ products and for selected third party mailings. Please tick the box if you would prefer not to be contacted for these purposes:

          Registration Form

            Data Protection

            The information you provide will be held on our database and may be used to keep you informed of our and our associate companies’ products and for selected third party mailings. Please tick the box if you would prefer not to be contacted for these purposes:

            Registration Form

              Data Protection

              The information you provide will be held on our database and may be used to keep you informed of our and our associate companies’ products and for selected third party mailings. Please tick the box if you would prefer not to be contacted for these purposes:

              Registration Form

                Data Protection

                The information you provide will be held on our database and may be used to keep you informed of our and our associate companies’ products and for selected third party mailings. Please tick the box if you would prefer not to be contacted for these purposes:

                Registration Form

                  Data Protection

                  The information you provide will be held on our database and may be used to keep you informed of our and our associate companies’ products and for selected third party mailings. Please tick the box if you would prefer not to be contacted for these purposes:

                  The world’s preeminent Private Banks and Wealth Managers are demonstrating a committed drive in innovation, advisory, new products and services to meet the sophisticated needs of their clients.

                  COVID-19
                  Amid economic activity revival on the back of the Covid-19 vaccine program, organisations moving from business continuity plans to stable working environments, together with the slightest improvement in unemployment numbers, forced the world to adjust to new realities. Coming to terms with the “new normal”, global investors are now on the look-out for attractive and stable investment opportunities.

                  Needs of Private Wealth customers and families worldwide have drastically changed due to the pandemic and banks have had to accelerate efforts to deploy a multi-channel service strategy and safeguard clients’ businesses and wealth against negative impacts of economic uncertainly.

                  The Global Private Banking Innovation Awards will recognise the world’s best private banks, wealth managers and asset managers that are championing innovation across advisory, service, products, customer experience and more.

                  Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. 

                  Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

                  Request Nomination Pack

                  Error: Contact form not found.