A Russian man has been named and sanctioned for his role in Australia's worst data breach.
The personal information of 9.7m Australians was stolen from the country's largest health insurer, Medibank, in late 2022.
Sensitive documents, including abortion records, were then posted online.
The cyber sanctions – the first of their kind in Australia – include financial penalties and a travel ban for Aleksandr Ermakov.
Little has been made public about Mr Ermakov, but Australian intelligence authorities say he is part of the infamous Russian cyber-crime gang REvil – which has been linked to attacks across Europe, the US and UK.
Announcing the measures on Tuesday, Home Affairs Minister Clare O'Neil described the Medibank hack as "the single most devastating cyber-attack we have experienced as a nation".
"Literally millions of people having personal data about themselves, their family members, taken from them and cruelly placed online for others to see," she said.
"These people are cowards and scumbags… we'll unveil who you are and we'll make sure you're accountable."
Authorities are still investigating the breach, Ms O'Neil added, and more people may face penalties.
It is the first time the government has used cyber sanctions legislation, passed in 2021, which applies financial punishments to people involved in significant online attacks.
Australia has faced a string of large data breaches in recent years, but few – if any – have rocked the country like the Medibank hack.
The cyber criminals had stolen login details which granted them access to all of Medibank's customer data – including the medical records of everyone from athletes and media figures to the Prime Minister Anthony Albanese.
They began posting the data online after the insurer – with the government's support – refused to pay a ransom.
They first released a set of files named "good-list" and "naughty-list" which contained, among other things, people's health claims data – including records of treatment for mental health or addiction – as well as names, addresses, birthdates, and government ID numbers. Soon after they posted: "added one more file abortions.csv…", about some customer's end of pregnancy procedures.
Medibank at the time apologised for what it called the "malicious weaponisation" of private information, with CEO David Koczkaro warning that the data release could stop people from seeking medical assistance.
Several class actions – which argue the firms should have better protected such sensitive data – have since been launched.
Police investigate the vandalism in Melbourne – which included graffiti saying "the colony will fall".
Regulator admits key security procedure on X account was suspended six months before it was hacked.
It hopes to help fill a shortfall in cyber security staff.
His legacy includes Australia's pandemic response, the Aukus security pact, and several controversies.
Scott Morrison was once considered a "miracle-worker", but his popularity plunged amid controversies.
Copyright 2024 BBC. All rights reserved.  The BBC is not responsible for the content of external sites. Read about our approach to external linking.
Beta Terms By using the Beta Site, you agree that such use is at your own risk and you know that the Beta Site may include known or unknown bugs or errors, that we have no obligation to make this Beta Site available with or without charge for any period of time, nor to make it available at all, and that nothing in these Beta Terms or your use of the Beta Site creates any employment relationship between you and us. The Beta Site is provided on an “as is” and “as available” basis and we make no warranty to you of any kind, express or implied.
In case of conflict between these Beta Terms and the BBC Terms of Use these Beta Terms shall prevail.

source