cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Medibank has now disclosed personal customer data has been stolen after hack

Medibank has disclosed that the cyber criminal behind last week’s cyber attack has supplied sample records of 100 policies they believe are from their system.

user iconReporter
Fri, 21 Oct 2022
Medibank has now disclosed personal customer data has been stolen after hack
expand image

Medibank has admitted that the personal data of some of its customers which include names, addresses, Medicare numbers and phone numbers have been stolen in a cyber attack.

“The criminal [group] has provided a sample of records for 100 policies, which we believe has come from our ahm and international student systems,” Medibank stated.

That data includes first names and surnames, addresses, dates of birth, Medicare numbers, policy numbers, phone numbers and some claims data.


The private health insurer claims data involved where the medical service was and the codes that related to their diagnosis and procedures.

The criminal claims to have stolen other information including data related to credit card security, which has not yet been verified by our investigations, Medibank further explained.

In an interview with Sky News Australia, shadow home affairs minister Karen Andrews noted that the recent cyber attack on health insurer Medibank is a “chilling reminder” to all Australian businesses and individuals of the need to protect your data.

This is yet another serious concern with an attack on a system in Australia, minister Andrews told Sky News Australia.

The company halted trading until further notice after hackers threatened to sell the private information of 1,000 Medibank customers they claimed had been stolen from the private health insurer.

The revelations come hours after Cyber Security Minister Clare O’Neil confirmed the matter had been referred to the Australian Federal Police (AFP) and that Medibank was working with the Australian Cyber Security Centre and Australian Signals Directorate on the attack.

The company’s chief executive, David Koczkar, offered an apology for this crime, which has been perpetrated against our customers”.

I know that many will be disappointed with Medibank, and I acknowledge that disappointment.

This cyber crime is now the subject of an investigation by the Australian Federal Police.

We will learn from this incident and will share our learning with others,” Koczkar said.

Koczkar promised to continue to provide customers and the public with updates as the investigation continued.

Medibank had revealed they had been contacted by a group that claimed it had removed customer data and wanted to negotiate with the company earlier this week, but investigations were ongoing to work out if the claim was true.

The private health insurer empathised that the development was upsetting [for customers] and that it expected the number of affected customers to grow as the incident continued.

[Related: Deficient cyber security blocks SME growth plans, report finds]

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.