Australia regulator tells Medibank to set aside $167M after data breach
(Reuters) — Australia’s banking regulator told insurer Medibank on Tuesday it would have to set aside A$250 million ($167 million) in extra capital, citing weaknesses identified in its information security after a major hacking breach.
Medibank last year disclosed that a hacker stole the personal information of 9.7 million current and former customers and released the data on the dark web in one of Australia's biggest data thefts.
At least three separate class-action suits have been filed against the company in Australian courts on behalf of affected customers.
The Australian Prudential and Regulation Authority (APRA) said the capital adjustment would be effective from July 1 and remain in place until an agreed remediation program is completed by Medibank to the regulator's satisfaction.
In a statement, Medibank said it had sufficient existing funds to meet the capital adjustment and would continue to work with APRA on remediation measures.
