Australian insurance company Medibank, which recently suffered a cyberattack by an unknown threat actor, confirmed the incident. Emily Ritchie, the Senior Executive of External Affairs at the organization, released a report on the breach admitting to the theft of the personal data of its customers, including their names, addresses, phone numbers, medical records, and more.
The company claims to be transparent with its customers and has shared the incident in chronological order including what mitigation is being employed for repercussions of the attack. Moreover, it admits to being contacted by an unknown cybercriminal, claiming to have stolen 200GB of confidential data.
Medibank cyberattack explained
Last Wednesday, Medibank announced that it had received a message from a threat group claiming to “negotiate” with it in exchange for 200GB of data. As a warning sign, the threat actors provided a sample record of 100 in-system policies for Australian Health Management (AHM) and international student systems.
According to Ritchie, the sample data collected by the company included the name, addresses, DOBs, medicare numbers, policy numbers, and phone numbers of its customers. Moreover, the threat actors claimed that the data included the customers’ location where they received medical service, including the codes and procedures used in the diagnosis.
Moreover, the company reported that the threat actor claimed to have stolen customers’ financial data, including credit card numbers and security codes, among other information. However, the investigation teams had not yet verified this claim.
Responding to the attack, Medibank CEO David Koczkar said, “This cybercrime is now the subject of an investigation by the Australian Federal Police. We will learn from this incident and will share our learnings with others.”
Medibank shares mitigation to counter the attack
Cyberattacks of this magnitude are usually connected to large-scale organizations. Threat actors who launch these attacks might also do it for novel causes, like bringing attention to them or causing a ruckus within society.
With this attack, the threat actors were going after all the data that could be utilized to inflict harm on the company and its customers. However, since the data is already stolen, the need to protect the customers automatically becomes the top priority. Medibank has already contacted the Australian Federal Police, and an investigation has been initiated to find the culprits behind the attack.
At the time of writing, the Insurance company has started its direct contact procedure to reach out to affected customers and inform them about the latest developments on the project. The affected parties are also being provided with support and guidance on the next step in the situation.
The company expects the number of affected customers to grow, but they are also continuously evaluating the potential risk and are aiding customers to remain active about any possible attack. The customers are also advised to actively seek advice from trusted sources, including the Australian Cyber Security Centre at cyber.gov.au.
To provide better services and contact points, the company has relocated brand-new cyber response hotlines at all major call centers, decreasing the overall time it takes to contact in case of emergencies.