Medibank, an Australian health insurance company, was the victim of a cyber attack. The personal data of around 10 million of its customers were affected.
Australian health insurer Medibank, based in Melbourne and the country’s largest insurer, was the victim of a large-scale cyber attack during the month of October. The number of victims, initially estimated by the company at around 4 million, would actually amount to almost 10 million for the company and its subsidiaries, a Bloomberg reported on November 6. Among the stolen data are those of the insurer’s customers.
According to the company, the stolen files contain personal data customers, such as first and last names, dates of birth, email and postal addresses, and telephone numbers. There are also some Medicare numbers (the Australian equivalent of the Social Security number) there, but the exact proportion of the numbers stolen remains unknown. The passport numbers of foreign students are also included, along with other information, such as that of customers at the company’s branches, Bloomberg reports.
No ransom payments
The cybercriminals demanded a ransom from the company, but the company has indicated its intention not to pay it.
“Based on the advice we have received from cybercrime experts, paying the ransom does not give us a 100% guarantee that we will recover our customers’ data or prevent it from being published. In fact, paying may even have the opposite effect and encourage criminals extort directly from our customers, so there is a good chance that the payment will have a negative impact on more people “, justifies David Koczkar, CEO of the Medibank Group.
The latter had already spoken when the attack was revealed, indicating that the forecasts on the number of victims could be revised upwards.
“We believe the number of robbed customers may be higher than expected and we expect the number of victims to increase significantly. I apologize unreservedly to our customers,” he said.
The company said it was still measuring the extent of the damage, including through an internal audit.