Australian insurer warns of ‘distressing’ data threat


Medibank Private, one of Australia’s largest insurers, told customers to be “vigilant” after the reported threat, issued a day after it had ruled out paying any ransom demand. — Bloomberg

SYDNEY: A major Australian health insurer warned Nov 8 of a “distressing” threat by a purported hacker to release data within 24 hours from a hack affecting 10 million people.

Medibank Private, one of Australia’s largest insurers, told customers to be “vigilant” after the reported threat, issued a day after it had ruled out paying any ransom demand.

The warning came a day after a hack originally thought to have breached the data of 3.9 million customers had in fact given access to the names, birth dates, addresses, phone numbers and emails of about 9.7 million former and existing clients.

On Nov 8, an anonymous poster on a hacking blog – widely cited by Australian media – said “data will be publish in 24 hours”.

It was not possible to confirm whether the poster was connected to the hack or had access to people’s stolen information.

“We knew the publication of data online by the criminal could be a possibility, but the criminal’s threat is still a distressing development for our customers,” Medibank chief executive David Koczkar said, calling for customers to be “vigilant”.

“We unreservedly apologise to our customers,” he added, describing the “weaponisation” of their data as malicious.

The hacker could also attempt to contact customers directly, the company warned.

The data breach of Medibank – one of Australia’s largest insurers – included 1.8 million international customers.

‘Betrayal’

The company had said in Monday's announcement that they believe “all of the customer data accessed could have been taken by the criminal”, which contained people’s health claims along with codes exposing their diagnoses and medical procedures.

Passport numbers and the visa details of international students were also part of the data hack.

Medibank said it was working with the Australian government and with the police, who were trying to prevent the sharing and sale of the stolen data.

Cybercrime experts had advised that paying a ransom had only a “limited chance” of ensuring the return of the stolen data, Koczkar said, adding that it could encourage the direct extortion of its clients.

“It is for these reasons that we have decided we will not pay a ransom for this event,” he said.

Two law firms said Tuesday they had joined forces to investigate a possible class action lawsuit against Medibank.

“We believe the data breach is a betrayal of Medibank Private’s customers and a breach of the Privacy Act,” said a joint statement by Bannister Law and Centennial Lawyers. “Medibank has a duty to keep this kind of information confidential.”

The Medibank hack followed an attack on telecom company Optus in September that exposed the personal information of some nine million Australians – almost a third of the population. – AFP

Follow us on our official WhatsApp channel for breaking news alerts and key updates!

Australia

   

Next In Tech News

Musk now says it's 'pointless' to build a $25,000 Tesla for human drivers
Google defeats lawsuit over gift card fraud
Russian court fines Apple for not deleting two podcasts, RIA reports
GlobalFoundries forecasts upbeat Q4 results on strong demand from smartphone makers
Emerson sharpens automation focus with offer for rest of AspenTech in $15 billion deal
Palantir shares surge to record as AI boom powers forecast raise
Tax fraud investigators search Netflix offices in Paris and Amsterdam, says source
Singapore's Keppel to buy Japanese AI-ready data centre
Tesla increases wages for staff at German gigafactory by 4%
Apple explores push into smart glasses with ‘Atlas’ user study

Others Also Read