Medibank data breach and the story behind customers personal data accessed

Medibank, an Australian Insurance Company has confirmed that threat actors have accessed their customers personal data during a recent ransomware attack.

The company made an announcement recently stating an internal investigation into the ransomware attack revealed that the hacker entities have accessed the customer data.

Medibank data breach and the details

As per Medibank data breach and their announcement regarding it,

• Customers personal data and health claims data have been accessed
• International students customer personal data and their health claims have been accessed.

“As previously advised, we have evidence that the criminal has removed some of this data, and it is now likely that the criminal has stolen further personal and health claims data,” explains the announcement.

Adding to the access of data the Medibank team also found that few data have been extorted and probably most of the customers personal data have been stolen.

“As a result, we expect that the number of affected customers could grow substantially.”

Although, last week the Medibank made an assurance that 2.8 million customers data haven’t been compromised and everything is intact, things went south pretty fast.

The hackers made contact with the company delivering a sample of 100 stolen files out of the 200 GB of stolen data during the ransomware incident.

Here’s what Medibank CEO David Koczkar said,

Medibank data breach and the extortion of customer data

After carefully investigating the attack completely, the Medibank security team identified that the data exfiltration was done at a larger scale and hence almost all the customers data could have been compromised.

To compromise the event of Medibank data breach and exfiltration, Medibank is now providing upgraded services to its customers to handle the current situation,

• Provides financial support for customers who are in a vulnerable position as result of this crime.
• Offer free identity monitoring services for customers who have had their primary ID compromised.
• Remibursing the fees for reissue of identity documents that have been compromised by the Medibank data breach.
• Resources from IDCARE and Specialist identity protection suggestions
• Mental health and wellbeing support line.

The Australian Govt responds to Medibank data breach and other cyber incidents

Australia has been hit by several cyberattacks in recent times affecting several companies and industries regular operations including the Medibank data breach. The government is working to improve their data protection laws and bring powerful cyber protocols.

Australia’s new data security bill has been proposed by the Government on Saturday for the new privacy legislation amendment bill 2022 that is targeted to,

Increase privacy breach penalties from $2.22 million AUD to $50 million AUD (or) 3x the value of any benefit obtained through the mishandling of information, if greater, (or) 30% of a company’s adjusted turnover in the relevant period, if greater.

This new Bill will give the Australian Information Commissioner enhanced powers to resolve privacy breaches and push companies to share complete details about any cyber incident.

Subscribe to our newsletter for daily alerts on cyber events, you can also follow us on Facebook, Linkedin, and Twitter.

You can reach out to us via Twitter/ Facebook or mail us at admin@thecybersecuritytimes.com for advertising requests.