If the hack of Optus, Australia’s second-largest telecommunications company, in September wasn’t a wake-up call for the country’s cyber-attack threat then the recent Medibank hack should be.
Nearly 10 million customers’ data has been breached including names, date of birth, addresses, phone numbers, email addresses, and health conditions. Other personal details include the service provider’s name and location, diagnosis and procedure codes, and the locations where Medibank customers have received specific medical procedures.
Of the 9.7million customers who have had their personal information leaked, this includes 5.1 million Medibank customers, 2.8 million ahm customers, and 1.8 million international customers.
The criminal group claimed they had stolen 200 gigabytes of data and demanded Medibank pay a ransom.
Medibank chief executive David Koczkar said, “Based on extensive advice from cybercrime experts, we believe that the likelihood of paying a ransom to ensure hackers return customer data without disclosing it is low.”
He also believes that paying a ransom to cybercriminals would encourage them to contact customers and extort them directly.
Cybercrime is now the subject of an investigation by the Australian Federal Police. Clare O’Neil, Cybersecurity minister, said that the federal government is against companies paying cybercrime payments but admitted it is not illegal.
In the meantime, the insurer reiterated that the business operations remain normal and that clients continued to receive medical services. However, it warned customers to stay vigilant as criminals could leak personal information online or try to contact them directly.