Medibank has confirmed that private medical details of customers were obtained during the recent hack, potentially including some high-profile Australians.
The stolen data includes names, addresses, birthdates, Medicare numbers, contact information, and claims data from the private health insurer.
Medibank confirmed that it had received further details on the scale of the hack from the attackers, including a file with a further 1,000 policy records from its budget brand ahm. The ahm data includes personal and health claims data.
“It has become clear that the criminal has taken data that now includes Medibank customer data, in addition to that of ahm and international student customers,” the company said in a statement.
“This is a distressing development and Medibank unreservedly apologises to our customers.”
Medibank’s chief exec David Koczkar said that the company will continue to work with the federal government on the hack, including the ongoing criminal investigation.
“This is a malicious attack that has been committed by criminals with a view of causing maximum fear and damage, especially to the most vulnerable members of our community,” he said.
When the Medibank hack became public knowledge, the company initially tried to downplay its severity. In fact, on 14 October, Medibank said there was no proof that customer data had been accessed.
However, the unknown group said told Medibank, The Sydney Morning Herald, and The Age, that it would sell 200 gigabytes of stolen data unless Medibank paid a ransom. It contains a threat from the hackers to first target 1000 high-profile Australians with their own data as a warning.
The news follows Optus’ huge data breach last month and will likely add more fuel to the fire building around privacy and data regulations in Australia. Even though the data obtained during the Medibank hack was not gathered from digital marketing, regulators and consumers will point to the reams of data held by companies as a risk in itself.
For brands and marketers, there are uncertain times ahead as a result of these significant data breaches.
