While it still hasn't been confirmed whether or not these screenshots are real, they align with an announcement Medibank made on November 7: that they would not pay the hacker responsible for the breach a ransom.
David Koczkar, Medibank’s chief executive, said in a statement, “Based on the extensive advice we have received from cybercrime experts we believe there is only a limited chance paying a ransom would ensure the return of our customers’ data and prevent it from being published.”
“In fact, paying could have the opposite effect and encourage the criminal to directly extort our customers, and there is a strong chance that paying puts more people in harm’s way by making Australia a bigger target.”
“It is for these reasons we have decided we will not pay a ransom for this event,” Mr Koczkar concluded.
Mr Koczkar also revealed that 9.7 million Medibank customers (both past and present across the Medibank and ahm brands) were affected by the data breach, and the hacker had access to their basic customer information: name, date of birth, address, phone number and email address.
He also announced that it’s been determined that roughly 500,000 customers’ private health information and past claims data were accessed by the hacker.
Mr Koczkar stressed that absolutely no credit card details were stolen or accessed by the hacker.
For context, in mid-October 2022, Medibank faced a major security breach and initially, the company downplayed the cyberattack.
However, Medibank then announced on October 27, during an investors update, that the personal data of nearly 4 million customers (we now know it was actually 9.7 million) was accessible to hackers during the breach. International student customers were also affected.
During the investors update, Mr Koczkar said, “Our priority now is to safeguard our customers and their data given we now know that data has been stolen.”
Mr Koczkar also apologised to Medibank customers while John Goodall, Medibank’s group executive of technology and operations, assured the company was doing all it could to make sure the hacker no longer had access.
“It’s an ongoing forensic analysis. Everywhere we’ve identified a breach, it’s now closed,” Mr Goodall said.
If you’re a customer with Medibank, here’s what you can do to protect yourself and everything else you need to know.
What data has been breached?
The data stolen in the Medibank breach is extensive. The following information is believed to be compromised for Medibank and ahm customers:
- Email addresses
- Home addresses
- Dates of birth
- Medicare card numbers
- Policy numbers
- Phone numbers
- Health claims data
How to know if your data has been breached?
Medibank has said that if they find that a customer’s data has been stolen, they’ll notify them by email. But considering that the latest announcement confirmed most, if not all, customers had been affected, any present or former Medibank/ahm customer should remain vigilant.
What should I do about the Medibank data breach?
Medibank is urging all customers to either visit the company’s cyber incident support page or call the company's cyber response hotlines (the phone number for Medibank customers is 13 23 31 and the phone number for ahm customers is 13 42 46).
As a part of a support package, Medibank is providing their customers with a few resources to help them during this time. These include:
- Customers in a “uniquely vulnerable position as a result of this cybercrime” will be given financial support.
- Customers whose primary ID has been fully compromised will be provided with identity monitoring support.
- All customers will be given access to resources and specialist identity protection advice from IDCARE.
- All customers have access to free mental health support; customers can speak to qualified mental health professionals 24/7 over the phone to discuss any questions or issues they may have (the phone number is 1800 644 325).
- Customers whose identity documents have been compromised will be provided with a reimbursement to cover the fees associated with replacing documents like their passport or driver’s licence.
The Australian government is strongly urging all Medibank customers to secure and monitor their devices and accounts for unusual activity. They are also advising that customers should ensure they have the latest security updates and enable multi‑factor authentication for all accounts.
Other steps you can take to protect yourself if you were affected by the Medibank data breach include:
- Replace your Medicare card; this can be done by either using your Medicare online account through MyGov, the Express Plus Medicare mobile app or by calling the Medicare program (the phone number is 13 20 11).
- Be alert for any scams that mention Medibank Private.
If you’re seriously concerned that your identity has been compromised or you’ve been a victim of a scam, contact your bank immediately and call IDCARE (the phone number is 1800 595 160).
How might the stolen data be used?
The biggest risk to Medibank customers is that their information may be used to fraudulently take out loans or apply for credit cards.
Although financial records were not stolen, the risk is that thieves may be able to use the leaked Medibank information to break into the online banking accounts of victims.
The most likely use of the information would be to perpetrate additional scams through text and email.
Therefore, any Medibank customer should be suspicious of any text messages or emails they receive that mention or reference the Medibank data breach. If you do receive a suspicious SMS or email, contact the business directly and do not click any links in the messages.
You can also register fraudulent SMSes by forwarding them to Scamwatch (their phone number is 0429 999 888).
Has the Medibank hacker been caught?
Sadly, the Medibank hacker has not been caught yet.
However, someone claiming to be the responsible criminal has contacted Medibank multiple times. At first they sent Medibank a data sample to prove they had indeed accessed Medibank customers’ personal data.
Then this person threatened to sell 200 gigabytes of stolen data and the confidential records of Medibank’s most famous customers unless Medibank paid a huge ransom. As mentioned above, Medibank refused to pay this ransom and the details of hundreds of Medibank customers have now appeared on the dark web.