Australian private insurer Medibank on Tuesday confirmed that a recently disclosed cyberattack impacts the data of more customers than initially thought. The announcement came days after hackers threatened to target celebrities.
Identified on October 12, the cyberattack was deemed as the precursor of a ransomware event, but was contained before ransomware could be deployed, Medibank has announced.
Roughly one week later, the company announced that it had been contacted by a threat actor claiming to have stolen roughly 200 gigabytes of data during the cyberattack.
Based on the evidence provided by the attacker, the company assessed that they had exfiltrated customer information from its ahm and international student systems.
In an October 25 update to its data breach notice, the company says that, based on proof supplied by the alleged attackers, Medibank customer data was also stolen during the incident.
The attackers have sent the company files containing ahm policy records (including personal and health claims data) and files containing Medibank customer data.
“Given the complexity of what we have received, it is too soon to determine the full extent of the customer data that has been stolen,” the company says.
The company says it continues to notify impacted customers of the data breach, but it has yet to determine the total number of affected individuals. The health insurer has more than 3.9 million customers.
Last week, The Sydney Morning Herald revealed that the alleged attackers threatened to create a list of Medibank’s 1,000 most famous customers – including politicians, actors, activists, and of individuals “with very interesting diagnoses” – and email them their own medical information.
The Australian federal government has activated the national coordination mechanism (NCM) in response to the latest development in the Medibank cyberattack, the media outlet reported.