This was the most recent in a string of hacks that have affected millions of people and exposed the careless attitude Australian businesses have toward cyber security.
One-fifth of Australia’s population, or 3.9 million policyholders, according to Medibank CEO David Koczkar, had their personal information exposed.
“Our investigation has now established that this criminal has accessed all our private health insurance customers’ data and significant amounts of their health claims data,” he remarked in a report to the Australian stock exchange.
“This is a terrible crime. This is a crime designed to cause maximum harm to the most vulnerable members of our community.”
Although the cyberattack was made public last week, the scale of its impact was not clear at the time.
The hackers have previously threatened to release the information, beginning with 1,000 well-known Australians, unless Medibank pays a ransom.
On Wednesday, Medibank said that it lacked cyber insurance and estimated that the hack could cost the business up to A$35 million (US$22 million).
The Medibank breach followed a breach at telecom provider Optus last month that exposed the personal information of nearly a third of Australia’s population, or nine million people.
The Optus hack was one of the biggest data breaches in Australian history.
Australia’s Attorney-General, Mark Dreyfus, has previously accused businesses of hoarding private consumer information.
Businesses that fail to protect client data currently face meager fines of A$2.2 million.
Last week, Dreyfus declared that these penalties would be increased to A$50 million.
“Unfortunately, significant privacy breaches in recent weeks have shown existing safeguards are inadequate,” he added.
“It’s not enough for a penalty for a major data breach to be seen as the cost of doing business.”
Home Affairs Minister Clare O’Neil warned on Tuesday that the consequences of the Medibank hack are “possibly irreversible.”
“One of the reasons why the government is so worried about this is because of the nature of the data,” she told Australia’s parliament.
“When it comes to the personal health information of Australians, the damage here is potentially irreparable.”
O’Neil has previously referred to hacking as a “dog act,” a term used in Australia to signify particularly heinous or reprehensible behavior.