Medibank is facing the prospect of financial penalties for its data breach after the Office of the Australian Information Commissioner (OAIC) opened an investigation into its personal information-handling practices.
The OAIC said its investigation would “focus on whether Medibank took reasonable steps to protect the personal information they held from misuse, interference, loss, unauthorised access, modification or disclosure.”
“The investigation will also consider whether Medibank took reasonable steps to implement practices, procedures and systems to ensure compliance with the Australian Privacy Principles (APPs),” the office said in a statement.
An adverse finding could expose Medibank to penalties of up to $2.2 million for each contravention.
The launch of the investigation coincided with the apparent dump of all remaining data by the attackers.
Medibank is offering a range of support to victims of the data breach.