Australia regulator tells Medibank to set aside $167 mln after data breach

SYDNEY��–��Australia‘s banking�����𲵳ܱ����ٴǰ���told insurer Medibank on Tuesday it would have to��������������������A$250 million ($167 million) in extra capital, citing weaknesses identified in its information security�����ڳٱ����a major hacking�������𲹳���.

Shares of the country’s biggest health insurer fell as much as 4.6% to mark their worst intraday drop since late October last year. They were last trading at their lowest level since May 3.

�ѱ�徱�����԰���last year disclosed that a hacker  of 9.7 million current and former customers and released the���岹�ٲ���on the dark web in one of�����ܲ��ٰ���������‘s biggest���岹�ٲ���thefts.

At least three separate  have been filed against the company in�����ܲ��ٰ���������n courts on behalf of affected customers.

The�����ܲ��ٰ���������n Prudential and Regulation Authority (APRA) said the capital adjustment would be effective from July 1 and remain in place until an agreed remediation program is completed by �ѱ�徱�����԰���to the�����𲵳ܱ����ٴǰ�‘s satisfaction.

“In taking this action, APRA seeks to ensure that �ѱ�徱�����԰���expedites its remediation program,” said Suzanne Smith, an APRA executive board member.

In a statement, �ѱ�徱�����԰���said it had sufficient existing funds to meet the capital adjustment and would continue to work with APRA on remediation measures.

Citigroup analyst Nigel Pittaway said �ѱ�徱�����԰���had enough funds to “relatively easily deal” with the impost.

“We already expected capital returns would be unlikely in this environment given the focus�����ڳٱ����the cyberattack,” he said. “APRA’s imposition of an increase in���ѱ�徱�����԰�‘s capital adequacy requirement … confirms that, �����������from its ordinary dividend, �ѱ�徱�����԰���will be unable to return capital to shareholders in the near term.”

Although �ѱ�徱�����԰���has already addressed the specific control weaknesses that permitted unauthorized access to its systems, it still has more work to do across a number of areas to boost its security environment and���岹�ٲ���management, APRA said.

The�����𲵳ܱ����ٴǰ�‘s action is likely to “raise concerns about further potential cyberattack related impacts” on���ѱ�徱�����԰�, Pittaway said.

APRA will also conduct a targeted technology review of���ѱ�徱�����԰�, with a focus on governance and risk culture.

���ܲ��ٰ�����������has seen a rise in cyber intrusions since late last year, prompting the government in February to reform security rules and  to oversee government investment and help coordinate responses to hacker attacks.

The federal government last week named a senior air force commander as its first . – Reuters