Share and Follow
This morning it was revealed a sample of customer data, including names, addresses, dates of birth, phone numbers, email addresses was posted online on the dark web.
In some cases passport numbers of international students signed up to Medibank Group’s partner business ahm were also published.
”The files appear to be a sample of the data that we earlier determined was accessed by the criminal,” Medibank said in an update.
“We will continue to work around the clock to inform customers of what data we believe has been stolen and any of their data included in the files on the dark web and provide advice on what customers should do.
“We expect the criminal to continue to release files on the dark web.”
Yesterday the criminal purporting to be behind the attack issued an ultimatum to the insurer, requesting a ransom be paid or all data would be published within 24 hours.
Medibank’s CEO David Koczkar has publicly said the insurer will not pay a ransom.
“We believe there is only a limited chance paying a ransom would ensure the return of our customers’ data and prevent it from being published,” he said on Monday.
“In fact, paying could have the opposite effect and encourage the criminal to directly extort our customers, and there is a strong chance that paying puts more people in harm’s way by making Australia a bigger target.
Read Related Also: Tiny detail on woman’s Australian passport that almost ruined her dreams of moving to New Zealand
“It is for these reasons we have decided we will not pay a ransom for this event.”
Scam text fools drivers into thinking they have missed paying a toll
Medibank has written to customers again, warning them that the criminal could attempt to contact customers directly.
Koczkar apologised to customers and said Medibank would support those affected by the hack.
“We unreservedly apologise to our customers,” he said.
“This is a criminal act designed to harm our customers and cause distress.
“We take seriously our responsibility to safeguard our customers and we stand ready to support them.”
If you are a victim of cybercrime, you can report it at ReportCyber on the Australian Cyber Security Centre website. To report a scam, go to ScamWatch. If you believe you are at physical risk, please call emergency services (000) immediately.
Customers can also contact Medibank via its contact centre team (13 23 31 for Medibank and international customers, 13 42 46 for ahm customers and 1800 081 245 for My Home Hospital patients).