Medibank admits personal data stolen in cyber attack

Medibank has admitted that some of its customers’ personal details, including names, addresses, Medicare numbers and phone numbers, have been stolen in a cyber attack.

Key Points:

  • In addition to personal data, some medical claims data, including private services, was stolen
  • Medibank expects the number of affected customers to grow
  • The matter has been transferred to the Australian Federal Police

In a statement, the company said the criminal group allegedly responsible had claimed 200 gigabytes of data had been stolen and would be contacting affected customers to inform them and what to do next.

“The criminal [group] has provided a sample of records for 100 policies, which we believe are from our international student systems and ahm,” he said.

“This data includes first and last names, addresses, dates of birth, Medicare numbers, policy numbers, telephone numbers and some claims data.”

He said the claims data involved where the medical service was located and codes related to their diagnosis and procedures.

“The criminal claims to have stolen other information, including data related to credit card security, which has not yet been verified by our investigations,” it said.

Medibank said it understood the development was upsetting and expected the number of affected customers to grow as the incident continued.

Earlier this week, Medibank said it had been contacted by a group that claimed it had deleted customer data and wanted to negotiate with the company, but investigations were underway to find out if the claim was true.

CEO apologizes for stolen data

The company’s CEO, David Koczkar, offered an unreserved apology for “this crime, which has been perpetrated against our customers.”

“I know many will be disappointed with Medibank and I recognize that disappointment,” he said.

“This cybercrime is now the subject of an investigation by the Australian Federal Police.

“We will learn from this incident and share our learning with others.”

Koczkar promised to continue to provide updates to clients and the public as the investigation continues.

The revelations come hours after Cyber ​​Security Minister Clare O’Neil confirmed the matter had been referred to the AFP and that Medibank was working with the Australian Cyber ​​Security Center and the Australian Signals Directorate in the attack

Opposition Leader Peter Dutton encouraged businesses and individuals to use the resources offered through the ASD and ACSC to better protect themselves.

“I would encourage people to go to these websites, just to get the patches, the updates, the updates and for the government to continue that message,” he said.

He said the government was missing the point of making sure people knew where they could go and what they could do to protect themselves.

“No one is providing that support and that message to the community and it’s important that people just take the basics and update your passwords to something that’s not predictable. Do it regularly,” Dutton said.

“Make sure software updates are installed as you receive them on your phone on your devices.”

Medibank was hit by a cyber attack last week, but at the time said there was no evidence that sensitive data had been accessed.

The trading halt in Medibank shares will continue until further notice.

Leave a Comment

Your email address will not be published. Required fields are marked *