Login
iscover
UPDATED: Millions more compromised by the cyber crime and insurer says paying a ransom would fail to protect data.
Newsletter
Medibank hackers made off with complete database on 9.7m
07 November 2022
•
10 minute read
The name, date of birth, address, phone number and email for around 9.7 million past and present customers was stolen by the Medibank hackers, the insurer confirmed this morning, more than doubling the number previously thought exposed by the crime.
You’re out of free articles for this month
To continue reading the rest of this article, please log in.
Create free account to get unlimited news articles and more!
Medibank said it now believed its complete database had been accessed by the criminals but it would refuse to pay a ransom.
“Given the nature of this crime, unfortunately we now believe that all of the customer data accessed could have been taken by the criminal,” Medibank said.
“Based on our investigation to date into this cybercrime we currently believe the criminal has accessed:
“Name, date of birth, address, phone number and email address for 9.7 million
current and former customers and some of their authorised representatives.
“This figure represents around 5.1 million Medibank customers, around 2.8 million ahm customers and around 1.8 million international customers.”
Following advice from cybercrime experts it would refuse to pay a ransom because “we believe there is only a limited chance paying a ransom would ensure the return of our customers’ data and prevent it from being published” and could have the opposite effect of encouraging direct exhortation of customers by the cyber criminal.
“This is a significant decision for the business and we’ve had extensive expert advice and the reality of that advice is that there was a small chance that paying a ransom – you can call it extortion – that it was very unlikely they may return customer data,” Medibank CEO Mr David Koczkar told The Australian.
- Medicare numbers (but not expiry dates) for ahm customers.
- Passport numbers (but not expiry dates) and visa details for international student customers.
- Health claims data for around 160,000 Medibank customers, around 300,000 ahm customers and around 20,000 international customers, including service provider name and location, and procedure codes.
- Some personal and health claims data of around 5,200 My Home Hospital patients and contact details for around 2,900 next of kin of those patients.
- Health provider details, including names, provider numbers and addresses.
Medibank said it did not believe the criminal had accessed credit card and banking information nor the details of primary identity documents such as drivers’ licences.
It said customers should remain vigilant as the criminal may publish customer data online or attempt to contact customers directly.
“We acknowledge how distressing this will be for our customers and apologise unreservedly,” Medibank said.
“We will continue to inform affected customers of what data we believe has been accessed or stolen and provide advice on what they should do.”
You need to be a member to post comments. Become a member for free today!
