OAIC making inquiries with Medibank

20 October 2022

The Office of the Australian Information Commissioner (OAIC) is making preliminary inquiries with Medibank following its cyber incident, to ensure compliance with the requirements of the Notifiable Data Breaches (NDB) scheme.

As information is gathered and assessed, the number one priority is ensuring that Medibank customers have information and resources available to take steps to protect themselves from any risk arising as a result of their personal information being compromised.

“This matter is understandably of great concern, given the sensitive information that may be involved,” Australian Information Commissioner and Privacy Commissioner Angelene Falk said.

“Individuals need to be alert to scams and any suspicious or unexpected activity on their personal accounts or devices, and refer to reliable sites such as Scamwatch for guidance.

“We will be working with other government regulators and agencies in relation to the response to the breach.”

Medibank customers should contact 13 23 31 and ahm customers should contact 13 42 46. For more information, see Medibank Cyber Incident.

There are a number of resources that provide information on how individuals can take steps to mitigate the risk from data breaches. Information about responding to a data breach notification is available on our website. Resources are also available at cyber.gov.au.

Under the NDB scheme, organisations covered by the Privacy Act 1988 must notify affected individuals and the OAIC as quickly as possible if they experience a data breach that is likely to result in serious harm to individuals whose personal information is involved.