Australia’s largest private medical insurer Medibank will contact current and former customers who might have had their private information stolen after revealing a data breach is far bigger than previously believed.
The health insurer said on Tuesday the hack had taken a “distressing” turn with the receipt of a series of extra files from the hacker or hackers.
They included files containing Medibank customer data as well as 1,000 policy records from offshoot Ahm that included personal and health claims information.
The newly released information is in addition to details from international student customers and Ahm
that were revealed to be exposed last week
.
It’s the second high-profile hacking in a matter of months after
Optus suffered a huge data breach last month
.
Medibank added it was too soon to know the full extent of the customer data that had been stolen but the breach was wider than
previously thought
.
Medibank said the hack had taken a “distressing” turn with the receipt of a series of extra files from the hacker or hackers. Source: AAP / Bianca De Marchi
The company, which has around four million customers, expects the number of people affected will continue to grow.
It warned customers to be on alert for any suspicious messages received via email, text or phone call in the wake of the hack.
Chief executive David Koczkar reiterated his apologies to the victims.
“As we continue to uncover the breadth and gravity of this crime, we recognise that these developments will be distressing for our customers, our people and the community – as it is to me,” he said.
“This is a malicious attack that has been committed by criminals with a view of causing maximum fear and damage, especially to the most vulnerable members of our community.”
Mr Koczkar said his organisation continued to work with federal government agencies to investigate the data breach.
The Australian Federal Police have launched a criminal probe into the hack.
Last week, Medibank said the alleged hackers claimed to have stolen 200 gigabytes of data, including people’s medical history, where medical services were received and codes relating to their diagnosis and procedures.
Cyber Security Minister Clare O’Neil said the hackers were holding the information hostage while trying to negotiate with Medibank.
The government is set to introduce new legislation to parliament this week that massively increases penalties for companies that don’t properly protect sensitive data.
Fines
will rise
to whichever is greater of $50 million, 30 per cent of the company’s turnover in the relevant period or three times the value of any benefit gained from the stolen data.
The new laws would also boost the Australian Information Commissioner’s powers to resolve breaches and increase information sharing with the Australian Communications and Media Authority.
