Medibank, an Australian health insurance provider, has fallen victim to a cyber attack. The personal data of around 10 million of their customers has been affected.
Australian health insurer Medibank, based in Melbourne and the country’s largest insurer, was the victim of a large-scale cyber attack in October. The number of victims, initially estimated at around 4 million by the company, would actually total nearly 10 million for the company and its subsidiaries, Bloomberg reported on November 6. Among the stolen data are the insurance company’s customers.
According to the company, the stolen files contain customers’ personal data, such as first and last names, date of birth, email and postal addresses, and phone numbers. Some Medicare numbers (the Australian equivalent of the Social Security number) are also found there, but the exact proportion of numbers stolen is still unknown. Passport numbers of foreign students are also included, along with other information, such as customers from the company’s subsidiaries, Bloomberg reports.
The cybercriminals demanded a ransom from the company, but the latter indicated its intention not to pay it.
“Based on advice we’ve received from cybercrime experts, paying a ransom does not give us a 100% guarantee of recovering our customers’ data or preventing it from being published. In fact, payment can even have the opposite effect, encouraging criminals to extort directly from our customers, so there is a good chance that payment will have a negative impact on a larger number of people”, reasons David Koczkar, CEO of the Medibank Group.
The latter had already spoken when the attack was revealed, suggesting that forecasts of the number of victims could be revised upwards.
“We believe that the number of robbed customers may be greater than expected, and we expect the number of victims to increase significantly. I apologize unreservedly to our customers,” he said.
The company said it was still measuring the extent of the damage, including through an internal audit.