Medibank Private executives will likely avoid prison sentences and the company will only face fines of “virtually nothing” following a data breach that exposed the ultra-sensitive health records of some of its customers, a data privacy expert said.

On Thursday, Medibank revealed it may have had as much as 200 gigabytes of health insurance data stolen in a cyberattack, including “first names and surnames, addresses, dates of birth, Medicare numbers, policy numbers, phone numbers and some claims data” of customers of its ahm and international students services. Ahm is Medibank’s low-cost insurance brand.