Australia's privacy watchdog, the OAIC, has taken legal action against Medibank Private for a significant data breach.

The breach occurred between March 2021 and October 2022, affecting 9.7 million Australians.

Sensitive information such as names, dates of birth, and Medicare numbers were exposed, raising concerns about identity theft and financial crimes.

The breach has been attributed to Russian hacker Aleksandr Ermakov.

The OAIC is seeking penalties of up to AUD2.2 million for each violation of the Privacy Act 1988.

Foreign Minister Penny Wong has announced sanctions against Ermakov for his alleged involvement.

Medibank's share price has remained steady despite the breach, indicating investor confidence.

The company plans to invest an additional A$250 million to address security vulnerabilities.

This case underscores the importance of organizations prioritizing data security to protect individuals and comply with cybersecurity legislation in Australia.