(Reuters) — Australia’s banking regulator told insurer Medibank on Tuesday it would need to set aside A$250 million ($167 million) in extra capital, citing weaknesses identified in its information security after a major breach.
Medibank revealed last year that a hacker stole personal information from 9.7 million current and former customers and released the data on the dark web in one of Australia’s biggest data thefts.
At least three separate class actions have been filed against the company in Australian courts on behalf of affected customers.
The Australian Prudential and Regulation Authority (APRA) said the capital adjustment would take effect on July 1 and remain in place until an agreed restructuring program has been completed by Medibank to the regulator̵7;s satisfaction.
In a statement, Medibank said it had sufficient existing funds to meet the capital adjustment and would continue to work with APRA on resolution measures.