Published: 18 July 2024

The Office of the Australian Information Commissioner (OAIC) has been advised by former prescription delivery service provider MediSecure that approximately 12.9 million individuals may have been impacted by its cyber security incident. This is the largest number of individuals impacted notified to the OAIC under the Notifiable Data Breaches scheme.

MediSecure has issued a public statement on the data breach, which includes an outline of the types of personal information impacted.

The Australian Government has updated its advice for individuals on what to do to protect yourself if you think your personal information has been compromised.

If a data breach causes distress, there are support and resources available.

“The size and scope of the personal information involved in the MediSecure breach today is a further reminder of the need for organisations to make protecting individuals’ personal information a top priority,” Australian Privacy Commissioner Carly Kind said.

“The OAIC has continued to make inquiries of MediSecure and its administrators since the data breach was notified in relation to its compliance with obligations under the Notifiable Data Breaches scheme.

“The coverage of Australia’s privacy legislation lags behind the advancing skills of malicious cyber actors. Reform of the Privacy Act is urgent to ensure all Australian organisations build the highest levels of security into their operations and the community’s personal information is protected to the maximum extent possible.”

OAIC logo
Contact us 1300 363 992

Monday to Thursday 10 am to 4 pm (AEST/AEDT)

Acknowledgement of Country

The OAIC acknowledges Traditional Custodians of Country across Australia and their continuing connection to land, waters and communities. We pay our respect to First Nations people, cultures and Elders past and present.

© Commonwealth of Australia