When a breach compromises client data: Lessons from Medibank

An update on a big breach in Australia has come on the heels of news of other breaches (see: Optus breach and Woolworths breach). Medibank Private Ltd, Australia’s biggest health insurer, has announced that a cyber hack compromised the data of all of its customers.

Nearly 4 million customers had their data compromised, meaning all personal data and significant amounts of health claims data have been laid bare to the hacker.

A wake-up call

While the Medibank breach is still a developing case, it’s a wake-up call to firms that are in charge of any kind of client data. Comparisons can be drawn between the health industry, which stores sensitive client information, and the financial services industry, especially accounting firms, which are similarly data custodians for their clients.

With the amount of client data accountants are privy to, it’s not a stretch of the imagination that an accounting firm is an attractive target to cyber criminals.

Professionals in the cybersecurity space have stated that most companies will face cyber attacks and should have a recovery plan. Having confidential data backed up frequently in a secure location is the best way to ensure hackers cannot access it.

Maintaining client trust in your business

A data breach can impact a firm in a myriad of ways. The most obvious one is the financial aspect. In this breach, malicious actors are asking that a ransom be paid for the restoration of the data. A significant amount of money is also going towards breach remediation and securing the assistance of cyber incident professionals in this case.

However, the biggest thing that accounting firms must take note of in this breach is the loss of client trust in the affected business. While your accounting firm might not be a huge corporation like Medibank or Optus, your clients implicitly trust you with their data. Their bank accounts, their personal data—clients do business with your firm confident that you’re a trustworthy data custodian.

The best way small businesses can affirm the trust their clients have in them is by showing that they are taking steps to protect client data. Firms should not only review processes and educate their team members, but also enact best practices for cyber security.

Accounting firms should employ access management, threat detection and antivirus systems, and breach response controls to ensure client data is safe, and to assure clients that they are placing their trust in a business that values their data.

