Australian private insurer Medibank on Tuesday confirmed that a recently disclosed cyberattack impacts the data of more customers than initially thought. The announcement came days after hackers threatened to target celebrities.
Identified on October 12, the cyberattack was deemed as the precursor of a ransomware event, but was contained before ransomware could be deployed, Medibank has announced.
Roughly one week later, the company announced that it had been contacted by a threat actor claiming to have stolen roughly 200 gigabytes of data during the cyberattack.
Based on the evidence provided by the attacker, the company assessed that they had exfiltrated customer information from its ahm and international student systems.
In an October 25 update to its data breach notice, the company says that, based on proof supplied by the alleged attackers, Medibank customer data was also stolen during the incident.
The attackers have sent the company files containing ahm policy records (including personal and health claims data) and files containing Medibank customer data.
“Given the complexity of what we have received, it is too soon to determine the full extent of the customer data that has been stolen,” the company says.
The company says it continues to notify impacted customers of the data breach, but it has yet to determine the total number of affected individuals. The health insurer has more than 3.9 million customers.
Last week, The Sydney Morning Herald revealed that the alleged attackers threatened to create a list of Medibank’s 1,000 most famous customers – including politicians, actors, activists, and of individuals “with very interesting diagnoses” – and email them their own medical information.
The Australian federal government has activated the national coordination mechanism (NCM) in response to the latest development in the Medibank cyberattack, the media outlet reported.
Related: Data Breach at Australian Telecoms Firm Optus Could Impact Up to 10 Million Customers
Related: Australia Flags New Corporate Penalties for Privacy Breaches
Related: Retail Giant Woolworths Discloses Data Breach Impacting 2.2 Million MyDeal Customers
Related: Second Australia-Based Singtel Subsidiary Hacked
More from Ionut Arghire
- Blackpoint Raises $190 Million to Help MSPs Combat Cyber Threats
- ‘Asylum Ambuscade’ Group Hit Thousands in Cybercrime, Espionage Campaigns
- Google Cloud Now Offering $1 Million Cryptomining Protection
- Pharmaceutical Giant Eisai Takes Systems Offline Following Ransomware Attack
- North Korean Hackers Blamed for $35 Million Atomic Wallet Crypto Theft
- Cisco Patches Critical Vulnerability in Enterprise Collaboration Solutions
- Android’s June 2023 Security Update Patches Exploited Arm GPU Vulnerability
- US, Israel Provide Guidance on Securing Remote Access Software
Latest News
- In Other News: AI Regulation, Layoffs, US Aerospace Attacks, Post-Quantum Encryption
- Blackpoint Raises $190 Million to Help MSPs Combat Cyber Threats
- Google Introduces SAIF, a Framework for Secure AI Development and Use
- ‘Asylum Ambuscade’ Group Hit Thousands in Cybercrime, Espionage Campaigns
- Evidence Suggests Ransomware Group Knew About MOVEit Zero-Day Since 2021
- SaaS Ransomware Attack Hit Sharepoint Online Without Using a Compromised Endpoint
- Google Cloud Now Offering $1 Million Cryptomining Protection
- Democrats and Republicans Are Skeptical of US Spying Practices, an AP-NORC Poll Finds
