Woman 'appalled' abortion details leaked

Woman ‘appalled’ abortion details leaked

Welcome to Sisters In Law, news.com.au’s weekly column to solve all your legal woes. This week, our resident lawyers and real-life sisters, Alison and Jillian Barrett, advise Maurice Blackburn on what to do if your sensitive information has been leaked on the dark web.

Question:

I have private health insurance with Medibank and was the victim of the recent cyber attack on their stored data.

I’ve had an abortion in the past, and I think I’m one of those people who had their health records — including information about an abortion — on the dark web.

I am not ashamed to have had an abortion but at the same time this is my private health information and I am appalled that people are able to see it.

I feel hurt and angry that this could happen. What now? These companies must be held accountable. What can I do? – Anon, WA

Answers:

We’re sorry to hear that you are one of millions of Medibank customers who have had their personal information stolen. You have every right to be concerned about the impact of this serious data breach.

Medibank’s data breach involved not only access to sensitive health information, but also customer names, dates of birth, phone numbers, email addresses, and some Medicare and passport numbers.

Some of this stolen data has already been published on the dark web by a ransomware group, meaning the potential consequences for data subjects could be significant.

You should not search for any information or data that may have been published on the dark web. Instead, contact Medibank directly for information on what data may have been compromised.

The stolen personal information could be used to create new accounts in your name, including credit cards, loans, and social media profiles.

You must be extremely vigilant for signs that your data may be used, e.g. B. Unexplained debits from bank accounts or e-mails from unknown companies. It would be wise to change all the passwords of your online accounts.

You can also contact the major credit bureaus and request that they temporarily block access to your information on a credit report, preventing fraudulent loan applications from being processed.

The Scamwatch website provides additional recommendations for protecting personal information after a data breach.

If you become a victim of identity fraud, you can report it to the police.

You should also contact the relevant company that used your personal information and request that the account be deleted.

If you have been a victim of unauthorized banking transactions or loans, report it to your financial institution so they can investigate. It is likely that they will refund you the lost money.

Report any unusual activity to Report Cyber ​​​​​​and make sure all your devices and accounts have the latest security updates, including multi-factor authentication.

IDCARE is a support center that offers free assistance to victims of identity theft, e.g. B. repairing damage done to your reputation or creditworthiness.

The burning question on everyone’s lips is whether companies like Medibank can be punished for such data breaches.

Organizations that hold sensitive personal information must take security precautions to protect the information from unauthorized access.

Australia’s privacy laws have been the subject of considerable debate for many years and the Commonwealth Government has recognized that we need to better regulate how companies collect and manage our personal information.

The government has proposed changes that include increasing penalties for serious and repeated data breaches from $2.2 million to $50 million or more.

The Attorney General’s Department is also completing a review of the Privacy Act and further recommendations for legislative changes are expected to result.

Whether or not Medibank (and other companies that have been hacked) are held liable under data protection law depends on whether the breach was “serious” or “repeated” and whether they took “reasonable steps” to protect the personal information.

This requires a lengthy and complicated investigation into the cybersecurity systems in place, how their system was hacked and whether they could have prevented the attack.

Not only the behavior of Medibank before the data breach was put to the test.

They are also required to ensure that they report any breach in a timely manner, and they will take appropriate measures to protect the personal information after the breach, such as: B. Fixing system problems.

In addition to any fines the company may face, affected customers like you could successfully claim money from Medibank for financial losses caused by the breach.

For example, you may be able to claim the cost of things like seeing a counselor to deal with the stress associated with the breach, or having security cameras installed in your home to help you feel more secure.

If you cannot resolve your complaint directly with Medibank, you can lodge a complaint with the Office of the Australian Information Commissioner.

This legal information is general in nature and should not be relied upon as specific legal advice. Persons requiring specific legal advice should consult an attorney.

If you have a legal question that you would like Alison and Jillian to answer, please email stories@news.com.au

Find out more from Alison and Jillian on their Facebook page

#Woman #appalled #abortion #details #leaked

Leave a Comment

Your email address will not be published. Required fields are marked *