After a massive hacking breach, Australia’s banking regulator ordered Medibank (MPL.AX) to set aside A$250 million ($167 million) in extra capital.
The nation’s largest health insurer’s shares slumped 4.6%, their greatest intraday decrease since late October 2018. They traded at their lowest since May 3.
One of Australia’s largest data thefts occurred last year when a hacker obtained 9.7 million current and past Medibank customers’ personal information and posted it on the dark web.
Customers have filed at least three class action lawsuits against the firm in Australian courts over the network intrusion.
The capital adjustment will take effect on July 1 until Medibank completes a rehabilitation program to APRA’s satisfaction.
“In taking this action, APRA seeks to ensure that Medibank expedites its remediation programme,” member Suzanne Smith said.
Medibank said it had enough capital to make the capital adjustment and will cooperate with APRA on remediation.
According to Macquarie Research insurance analyst Andrew Buncombe, the regulator’s actions won’t affect Medibank’s earnings.
Medibank has rectified the control flaws that allowed unauthorized access to its systems, but APRA said it still has to improve its security environment and data management.
Medibank will undergo a governance and risk culture-focused technology evaluation by the regulator.
Since late last year, cyber incursions in Australia have increased, leading the government to overhaul security standards and create an agency to supervise government investment and coordinate hacker attacks in February.
A senior air force officer was appointed the first federal cybersecurity chief last week.
Comment Template