Medibank, an Australian health insurance provider, has been the victim of a cyberattack. The personal data of around 10 million of its customers has been affected.
Australian health insurer Medibank, based in Melbourne and the country’s largest insurer, was the victim of a large-scale cyberattack during the month of October. The number of victims, initially estimated at around 4 million by the company, would actually amount to nearly 10 million for the company and its subsidiaries, Bloomberg reported on November 6. Among the stolen data are those of the insurer’s customers.
According to the company, the stolen files contain customers’ personal data, such as first and last names, dates of birth, email and postal addresses and telephone numbers. Some Medicare numbers (the Australian equivalent of the Social Security number) are also found there, but the exact proportion of stolen numbers remains unknown. Passport numbers of foreign students are also included, along with other information, such as that of customers of the company’s subsidiaries, reports Bloomberg.
No ransom payment
The cybercriminals demanded a ransom from the company, but the latter indicated its intention not to pay it.
“Based on advice we’ve received from cybercrime experts, paying the ransom does not give us 100% guarantee of recovering our customers’ data, or preventing it from being published. In fact, paying might even have the The opposite effect and encourage criminals to extort directly from our customers, so there is a good chance that paying will have a negative impact on a greater number of people”, justifies David Koczkar, CEO of the Medibank Group.
The latter had already spoken when the attack was revealed, indicating that the forecasts on the number of victims could be revised upwards.
“We believe that the number of robbed customers could be greater than expected, and we expect the number of victims to increase significantly. I offer my unreserved apologies to our customers,” he said.
The company said it was still measuring the extent of the damage, including through an internal audit.