Back in 2022, a breach of Medibank, Australia’s largest health insurer, compromised the data of an astounding 9.7 million users. This is over a third of the entire country’s population. This information included private medical information and personal data sold on the dark web and accessed by Russian cybercriminals. Instrumental in uncovering this and taking action was the country’s Information Commissioner Angelene Falk. Last year, Medibank was warned to set aside $250 million in extra capital citing the Federal Court’s penalty of $2.22 million in local currency (or $1.48 million in U.S.) per each violation of the Privacy Act. Today we have learned that the country’s privacy regulator has filed a lawsuit in failing to take reasonable steps to ensure data privacy. The fines in this major civil action suit are expected to be in the trillions.