Medibank says hacker accessed data of 9.7 million customers and refuses to pay ransom

Nov 7 (Reuters) – Medibank Private Ltd (MPL.AX), Australia’s largest health insurer, said on Monday that no ransom would be paid to the criminal responsible for a recent data theft, in which around 9, 7 million current and former customer data were compromised.

Highlighting the findings of the company’s investigation to date, Medibank has confirmed that the name, date of birth, address, telephone number and email addresses of approximately 9.7 million customers current and former were accessed during the data theft.

Cybersecurity concerns in Australia have seen a sharp rise in recent times, with a government report suggesting there is an attack every seven minutes.

“Based on extensive advice we have received from cybercrime experts, we believe there is only a limited chance of paying a ransom to secure the return of our customers’ data and prevent it from being published,” said Medibank CEO David Koczkar.

Koczkar added that paying a ransom could encourage the hacker to extort customers directly, hurting more people. The insurer reiterated that business operations remained normal for the duration of the cyber attack, with customers continuing to access healthcare services.

Medibank warned that its customers should be vigilant as the criminal may leak the data online or attempt to contact customers directly.

Corporate Australia has seen a series of attacks in the past two weeks alone, with Singapore Telecommunications’ Optus unit (STEL.SI) disclosing a breach of up to 10 million customer accounts, and Woolworths (WOW.AX) revealing that millions of customer data using its bargain shopping website had been compromised.

Medibank said it would commission an external review to learn lessons from the cyber attack while expanding its cyber response support program.

Reporting by Roushni Nair in Bangalore; Editing by Daniel Wallis

Our standards: The Thomson Reuters Trust Principles.

Leave a Reply

Your email address will not be published. Required fields are marked *