Medibank announced that personal data belonging to around 9.7M of current and former customers were exposed as a result of a recent ransomware attack.
Medibank is one of the largest Australian private health insurance providers with approximately 3.9 million customers.
“Based on our investigation to date into this cybercrime we currently believe the criminal has accessed:
The health insurer believes the attackers have not accessed credit card and banking details, and primary identity documents, such as drivers’ licences, because it doesn’t collect them except in exceptional circumstances.
The company discovered the ransomware attack on October 12 it also announced that no ransom payment will be made to the threat actors for the data theft.
The attackers had access to data belonging to around 5.1 million Medibank customers, around 2.8 million ahm customers, and around 1.8 million international customers.
“Given the nature of this crime, unfortunately we now believe that all of the customer data accessed could have been taken by the criminal.” concludes the data breach notice.
The company urges customers to remain vigilant as threat actors can attempt to contact them directly or publish customer data online.
Impacted customers can report it to ReportCyber | Cyber.gov.au.
Follow me on Twitter: @securityaffairs and Facebook
|[adrotate banner=”9″]||[adrotate banner=”12″]|
(SecurityAffairs – hacking, ransomware)