Medibank Data Breach
Dear Office of the Australian Information Commissioner,
In relation to the Medibank*(1) Data Breach, please release any report and information provided by Medibank* to the OAIC, including if held, the "Deloitte" report(2,3) on it's Cyberattack, as reported:
1. https://www.oaic.gov.au/newsroom/oaic-op...
2. https://www.medibank.com.au/livebetter/n...
3. https://www.afr.com/companies/healthcare...
* Medibank includes any parent or subsidiary companies, including any representatives of those companies.
Personal data of individuals (names, contacts details etc) is not required. Duplicate content is not required (for example, email trails outlining the same content).
Yours faithfully
FOI Requestor
Your email has been received by the Office of Australian Information
Commissioner.
FOI requests to the OAIC
Please note that this email address is only used for making requests to
obtain access to a document held by the OAIC pursuant to the Freedom of
Information Act 1982 (Cth) (FOI Act). We will only action and respond to
emails making FOI requests to the OAIC. For information on how to make an
FOI request to the OAIC, and to ensure that your request complies with the
requirements of the FOI Act, please refer to the FOI page on the OAIC’s
website at:
[1]https://www.oaic.gov.au/about-us/access-...
Once your request has been assessed by the OAIC, and registered on our
system, a separate acknowledgement email will be sent to you with a
reference number.
The OAIC does not hold all documents of other Commonwealth government
agencies, other state government agencies, or private organisations.
Accordingly:
1. if you are seeking to access documents of a particular
Commonwealth agency, you will need to make your request directly to the
relevant agency. For example, if you are requesting a copy of your visa
records, please make an FOI request and send it to the Department of Home
Affairs.
2. if you are seeking to access documents of a state or local
government agency, as each Australian state and territory also have
separate FOI legislation that governs information held by state government
agencies, please contact the relevant agency as to how to make an
application to access the documents. For example, if you are seeking
access to police report from NSW Police Force, it is governed by the
Government Information (Public Access) Act 2009 (NSW) (GIPA Act), and you
will need to contact NSW police to find out how to make a GIPA application
for the police report.
3. if you are seeking to access documents of a private
organization, which the FOI Act does not apply to, please contact the
organization directly to find out how to access the documents you are
seeking. For example, if you are seeking to access to hospital records or
your medical centre records, please contact these organisations directly.
Enquiries and other matters
If your email relates to any of the following, please utilise our online
forms instead, which are available at
[2]https://www.oaic.gov.au/about-us/contact...
- Enquiry
- Privacy Complaint
- Notifiable Data Breach
- Consumer Data Right Complaint
- FOI Complaint
- Freedom of Information Review
- Agency FOI Extension of Time Requests
- Speech requests.
Notice:
The information contained in this email message and any attached files may
be confidential information, and may also be the subject of legal
professional privilege. If you are not the intended recipient any use,
disclosure or copying of this email is unauthorised. If you received this
email in error, please notify the sender by contacting the department's
switchboard on 1300 488 064 during business hours (8:30am - 5pm Canberra
time) and delete all copies of this transmission together with any
attachments.
References
Visible links
1. https://www.oaic.gov.au/about-us/access-...
2. https://www.oaic.gov.au/about-us/contact...
Our reference: FOIREQ23/00081
Dear FOI Requestor,
Freedom of Information request
I refer to your request for access to documents made under the Freedom of
Information Act 1982 (Cth) (FOI Act).
Your FOI request was received by the Office of the Australian Information
Commissioner (OAIC) on 28 April 2023. This means that a decision on your
FOI request is currently due on 29 May 2023.
Scope of your request
Your FOI request was made in the following terms:
Dear Office of the Australian Information Commissioner,
In relation to the Medibank*(1) Data Breach, please release any report and
information provided by Medibank* to the OAIC, including if held, the
"Deloitte" report(2,3) on it's Cyberattack, as reported:
1.
[1]https://www.oaic.gov.au/newsroom/oaic-op...
2.
[2]https://www.medibank.com.au/livebetter/n...
3.
[3]https://www.afr.com/companies/healthcare...
* Medibank includes any parent or subsidiary companies, including any
representatives of those companies.
Personal data of individuals (names, contacts details etc) is not
required. Duplicate content is not required (for example, email trails
outlining the same content).
Yours faithfully
FOI Requestor
In order to process your request as efficiently as possible, I will
exclude duplicates and early parts of email streams that are captured in
later email streams from the scope of this request.
I will not identify you as the FOI applicant during any consultation
process. However, documents that are within the scope of your request that
the OAIC may need to consult third parties about may contain your personal
information.
Timeframes for dealing with your request
Section 15 of the FOI Act requires the OAIC to process your request no
later than 30 days after the day we receive it. However, section 15(6) of
the FOI Act allows us a further 30 days in situations where we need to
consult with third parties about certain information, such as business
documents or documents affecting their personal privacy.
The current decision due date for your request is 29 May 2023. We will
advise you if this timeframe is otherwise extended.
Disclosure Log
Documents released under the FOI Act may be published online on our
disclosure log, unless they contain personal or business information that
would be unreasonable to publish.
If you would like to discuss your FOI request, please contact me on my
contact details set out below.
Kind regards
Jessica
[4][IMG] Jessica Summerhill
Lawyer
GPO Box 5288 Sydney NSW 2001
Office of the Australian Information Commissioner
P +61 2 9942 4028 E [5][OAIC request email]
The OAIC acknowledges Traditional Custodians of Country across Australia
and their continuing connection to land,
waters and communities. We pay our respect to First Nations people,
cultures and Elders past and present.
[6]Subscribe to Information Matters
Notice:
The information contained in this email message and any attached files may
be confidential information, and may also be the subject of legal
professional privilege. If you are not the intended recipient any use,
disclosure or copying of this email is unauthorised. If you received this
email in error, please notify the sender by contacting the department's
switchboard on 1300 488 064 during business hours (8:30am - 5pm Canberra
time) and delete all copies of this transmission together with any
attachments.
References
Visible links
1. https://www.oaic.gov.au/newsroom/oaic-op...
2. https://www.medibank.com.au/livebetter/n...
3. https://www.afr.com/companies/healthcare...
4. https://www.oaic.gov.au/
5. mailto:[OAIC request email]
6. https://www.oaic.gov.au/engage-with-us/n...
Our reference: FOIREQ23/00081
Dear FOI Requestor
Please see attached letter in relation to your request for information.
Kind regards
Jessica
[1][IMG] Jessica Summerhill
A/g Senior Lawyer
GPO Box 5288 Sydney NSW 2001
Office of the Australian Information Commissioner
P +61 2 9942 4028 E [2][OAIC request email]
The OAIC acknowledges Traditional Custodians of Country across Australia
and their continuing connection to land,
waters and communities. We pay our respect to First Nations people,
cultures and Elders past and present.
[3]Subscribe to Information Matters
Notice:
The information contained in this email message and any attached files may
be confidential information, and may also be the subject of legal
professional privilege. If you are not the intended recipient any use,
disclosure or copying of this email is unauthorised. If you received this
email in error, please notify the sender by contacting the department's
switchboard on 1300 488 064 during business hours (8:30am - 5pm Canberra
time) and delete all copies of this transmission together with any
attachments.
References
Visible links
1. https://www.oaic.gov.au/
2. mailto:[OAIC request email]
3. https://www.oaic.gov.au/engage-with-us/n...
Dear OAIC - FOI,
Thank you for undertaking a search and review activity.
Please see the revised request:
In relation to the Medibank(1) Data Breach, please release, if held, the "Deloitte"
report(2,3) on it's Cyberattack, as reported publicly:
1. https://www.oaic.gov.au/newsroom/oaic-op...
medibank-over-data-breach
2. https://www.medibank.com.au/livebetter/n...
update-deloitte-incident-review
3. https://www.afr.com/companies/healthcare...
cyberattack-report-findings-from-customers-public-20230428-p5d3yt
To assist narrow scope:
A-I define report as a single word or PDF document relating to the report mentioned in public media (2,3).
B-I do not require the contents of any emails where the responsive document may be attached.
C- I do not require physical records.
Yours sincerely,
FOI Requestor
Your email has been received by the Office of Australian Information
Commissioner.
FOI requests to the OAIC
Please note that this email address is only used for making requests to
obtain access to a document held by the OAIC pursuant to the Freedom of
Information Act 1982 (Cth) (FOI Act). We will only action and respond to
emails making FOI requests to the OAIC. For information on how to make an
FOI request to the OAIC, and to ensure that your request complies with the
requirements of the FOI Act, please refer to the FOI page on the OAIC’s
website at:
[1]https://www.oaic.gov.au/about-us/access-...
Once your request has been assessed by the OAIC, and registered on our
system, a separate acknowledgement email will be sent to you with a
reference number.
The OAIC does not hold all documents of other Commonwealth government
agencies, other state government agencies, or private organisations.
Accordingly:
1. if you are seeking to access documents of a particular
Commonwealth agency, you will need to make your request directly to the
relevant agency. For example, if you are requesting a copy of your visa
records, please make an FOI request and send it to the Department of Home
Affairs.
2. if you are seeking to access documents of a state or local
government agency, as each Australian state and territory also have
separate FOI legislation that governs information held by state government
agencies, please contact the relevant agency as to how to make an
application to access the documents. For example, if you are seeking
access to police report from NSW Police Force, it is governed by the
Government Information (Public Access) Act 2009 (NSW) (GIPA Act), and you
will need to contact NSW police to find out how to make a GIPA application
for the police report.
3. if you are seeking to access documents of a private
organization, which the FOI Act does not apply to, please contact the
organization directly to find out how to access the documents you are
seeking. For example, if you are seeking to access to hospital records or
your medical centre records, please contact these organisations directly.
Enquiries and other matters
If your email relates to any of the following, please utilise our online
forms instead, which are available at
[2]https://www.oaic.gov.au/about-us/contact...
- Enquiry
- Privacy Complaint
- Notifiable Data Breach
- Consumer Data Right Complaint
- FOI Complaint
- Freedom of Information Review
- Agency FOI Extension of Time Requests
- Speech requests.
Notice:
The information contained in this email message and any attached files may
be confidential information, and may also be the subject of legal
professional privilege. If you are not the intended recipient any use,
disclosure or copying of this email is unauthorised. If you received this
email in error, please notify the sender by contacting the department's
switchboard on 1300 488 064 during business hours (8:30am - 5pm Canberra
time) and delete all copies of this transmission together with any
attachments.
References
Visible links
1. https://www.oaic.gov.au/about-us/access-...
2. https://www.oaic.gov.au/about-us/contact...
Our reference: FOIREQ23/00081
Dear FOI Requestor,
Please see attached decision in relation to your request for information.
Kind regards
Jessica
[1][IMG] Jessica Summerhill
A/g Senior Lawyer
GPO Box 5288 Sydney NSW 2001
Office of the Australian Information Commissioner
P +61 2 9942 4028 E [2][OAIC request email]
The OAIC acknowledges Traditional Custodians of Country across Australia
and their continuing connection to land,
waters and communities. We pay our respect to First Nations people,
cultures and Elders past and present.
[3]Subscribe to Information Matters
Notice:
The information contained in this email message and any attached files may
be confidential information, and may also be the subject of legal
professional privilege. If you are not the intended recipient any use,
disclosure or copying of this email is unauthorised. If you received this
email in error, please notify the sender by contacting the department's
switchboard on 1300 488 064 during business hours (8:30am - 5pm Canberra
time) and delete all copies of this transmission together with any
attachments.
References
Visible links
1. https://www.oaic.gov.au/
2. mailto:[OAIC request email]
3. https://www.oaic.gov.au/engage-with-us/n...