Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Medibank Confirms Data Breach Impacts 9.7 Million Customers

Australian health insurer Medibank today confirmed that the data of 9.7 million customers was compromised in a recent cyberattack.

The incident was identified on October 12, before threat actors could deploy file-encrypting ransomware, but not before they stole data from the company’s systems.

Australian health insurer Medibank today confirmed that the data of 9.7 million customers was compromised in a recent cyberattack.

The incident was identified on October 12, before threat actors could deploy file-encrypting ransomware, but not before they stole data from the company’s systems.

Medibank, which immediately initiated incident response and launched an investigation into the attack, could not determine whether customer data was compromised until contacted by the threat actor behind the data breach.

Two weeks ago, the company estimated that roughly 4 million customers might have been impacted by the cyberattack, but it has now increased that estimate to 9.7 million.

The attackers accessed the data of “around 9.7 million current and former customers and some of their authorized representatives. This figure represents around 5.1 million Medibank customers, around 2.8 million ahm customers and around 1.8 million international customers,” the company said earlier today.

Personal information compromised during the attack includes names, addresses, birth dates, phone numbers, and email addresses, Medibank announced. Medicare numbers, passport numbers, and visa details for international students were also compromised.

Health claims data for some Medibank, ahm, and international customers was also compromised, including service provider’s name and location, the location where medical services were provided, and diagnosis and procedures codes.

“Additionally, around 5,200 My Home Hospital (MHH) patients have had some personal and health claims data accessed and around 2,900 next of kin of these patients have had some contact details accessed,” Medibank announced.

Advertisement. Scroll to continue reading.

The health insurance provider says that no primary identity documents, such as drivers’ licenses, were compromised in the cyberattack, as Medibank does not collect them, except in special circumstances. Credit card data, banking details, and health claims data for extras services were not accessed either.

Medibank announced that it now believes the attackers exfiltrated all of the customer data they were able to access during the incident, but said that it will not pay any ransom demand.

“Based on the extensive advice we have received from cybercrime experts we believe there is only a limited chance paying a ransom would ensure the return of our customers’ data and prevent it from being published. In fact, paying could have the opposite effect and encourage the criminal to directly extort our customers, and there is a strong chance that paying puts more people in harm’s way by making Australia a bigger target,” Medibank CEO David Koczkar said.

The company, which has restored services impacted by the incident and has maintained business operations during the event, says that no further suspicious activity has been identified inside its network since October 12.

Related: Data Breach at Australian Health Insurer Impacts 4 Million Customers; Could Cost $35M

Related: Data Breach at Australian Telecoms Firm Optus Could Impact Up to 10 Million Customers

Related: Australia Flags New Corporate Penalties for Privacy Breaches

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Gigamon has promoted Tony Jarjoura to CFO and Ram Bhide has been hired as Senior VP of engineering.

Cloud security firm Mitiga has appointed Charlie Thomas as Chief Executive Officer.

Cynet announced the appointment of Jason Magee as Chief Executive Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.