Australia’s biggest health insurance company, Medibank Private Ltd (MPL.AX), announced the full extent of the data accessed by the threat actor in the recent cyberattack the organization suffered. According to the company, the criminal responsible for the attack accessed the data of around 9.7 million former and current customers. However, the health insurance firm has refused to pay any ransom to the threat actors.
Post the attack, Medibank began investigating the hackers and confirmed that the name, date of birth, address, and other private information of around 9.7 million current and former customers were accessed in the data theft. In the last few months, Australia has suffered several cyberattacks, with Medibank data theft adding to the long list.
Medibank contacts cybercrime experts
Medibank is currently investigating the incident with internal and external sources. According to the company’s CEO David Koczkar, threat researchers have advised the company against paying a ransom, stating that it would not guarantee the return of customers’ data or prevent the hacker from publishing it.
Usually, in these cases, the hackers could use the ransom to build confidence and extort more money using the same tactics. Medibank assured its customers that the data theft didn’t compromise the business and its operations. The company is continuing its standard services and is providing health insurance to its customers as a common practice.
However, since the threat actors could have gotten their hands on the data, Medibank customers have been forewarned to exercise caution as the criminals could publish the information online or make direct contact with them.
In the past few weeks alone, there have been several attacks against Australian businesses, with Woolworths (WOW.AX) and Optus, a division of Singapore Telecommunications (STEL.SI), disclosing the compromise of millions of user accounts and data, respectively. Medibank stated that it would extend its Cyber Response Support Program while also commissioning an external review to draw lessons from the cyberattack.