Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Medibank Confirms Broader Cyberattack Impact After Hackers Threaten to Target Celebs

Australian private insurer Medibank on Tuesday confirmed that a recently disclosed cyberattack impacts the data of more customers than initially thought. The announcement came days after hackers threatened to target celebrities.

Australian private insurer Medibank on Tuesday confirmed that a recently disclosed cyberattack impacts the data of more customers than initially thought. The announcement came days after hackers threatened to target celebrities.

Identified on October 12, the cyberattack was deemed as the precursor of a ransomware event, but was contained before ransomware could be deployed, Medibank has announced.

Roughly one week later, the company announced that it had been contacted by a threat actor claiming to have stolen roughly 200 gigabytes of data during the cyberattack.

Based on the evidence provided by the attacker, the company assessed that they had exfiltrated customer information from its ahm and international student systems.

In an October 25 update to its data breach notice, the company says that, based on proof supplied by the alleged attackers, Medibank customer data was also stolen during the incident.

The attackers have sent the company files containing ahm policy records (including personal and health claims data) and files containing Medibank customer data.

“Given the complexity of what we have received, it is too soon to determine the full extent of the customer data that has been stolen,” the company says.

The company says it continues to notify impacted customers of the data breach, but it has yet to determine the total number of affected individuals. The health insurer has more than 3.9 million customers.

Advertisement. Scroll to continue reading.

Last week, The Sydney Morning Herald revealed that the alleged attackers threatened to create a list of Medibank’s 1,000 most famous customers – including politicians, actors, activists, and of individuals “with very interesting diagnoses” – and email them their own medical information.

The Australian federal government has activated the national coordination mechanism (NCM) in response to the latest development in the Medibank cyberattack, the media outlet reported.

Related: Data Breach at Australian Telecoms Firm Optus Could Impact Up to 10 Million Customers

Related: Australia Flags New Corporate Penalties for Privacy Breaches

Related: Retail Giant Woolworths Discloses Data Breach Impacting 2.2 Million MyDeal Customers

Related: Second Australia-Based Singtel Subsidiary Hacked

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.