A hack on an Australian health insurer appears to be far larger than initially suspected, with the company saying it will refuse to pay a ransom for the theft of data.
The attack on Medibank Private Ltd. exposed the data of around 9.7 million current and former customers and some of their authorized representatives, the Melbourne-based company said in a statement Monday. Accessed data included the victim’s name, date of birth, address, phone number and email address. Initially, Medibank said the attack had exposed data on its almost 4 million customers.
The extent of the hack puts it in the realm of a vast data leak at Singapore Telecommunications Ltd.’s Optus unit in September, which exposed the details of as many as 10 million customers. Other recent hacks on pathology services provider Australian Clinical Labs Ltd. and Woolworths Ltd. subsidiary MyDeal have raised concern Australian companies aren’t doing enough to protect customer data.
Australia’s Hacking Frenzy Spurred by Understaffed Cybersecurity Workforce
“Based on the extensive advice we have received from cybercrime experts we believe there is only a limited chance paying a ransom would ensure the return of our customers’ data and prevent it from being published,” Chief Executive Officer David Koczkar said in the statement. “In fact, paying could have the opposite effect and encourage the criminal to directly extort our customers, and there is a strong chance that paying puts more people in harm’s way by making Australia a bigger target.”
According to the latest update from Medibank, the hacker accessed information on about 5.1 million Medibank customers, around 2.8 million customers of subsidiary AHM and some 1.8 million international customers. Among the information obtained was:
- Medicare numbers (but not expiry dates) for AHM customers
- Passport numbers (but not expiry dates) and visa details for international students
- Health claims data for around 160,000 Medibank customers, around 300,000 AHM customers and around 20,000 international customers
- Around 5,200 My Home Hospital patients had personal and health claims data accessed and around 2,900 next of kin of these patients
- Health provider details, including names, provider numbers and addresses
Medibank will also commission an external review of the incident. It says no further suspicious activity has been detected since Oct. 12.
Photograph: An attendee types on a cyrillic laptop computer keyboard at the CryptoSpace conference in Moscow, Russia, on Friday, Dec. 8, 2017. CryptoSpace is Eastern Europe’s largest conference dedicated to blockchain technology and cryptocurrencies. Photo credit: Andrey Rudakov/Bloomberg
Related:
Was this article valuable?
Here are more articles you may enjoy.
California Sees Two More Property Insurers Withdraw From Market 
Trump’s Bond Insurer Tells Judge Shortfall Is ‘Inconceivable’ 
Dubai Floods Expose Weaknesses to a Rapidly Changing Climate 
Jury Awards $80M to 3 Former Zurich NA Employees for Wrongful Termination 
