3.9 million customers are now on alert due to the Medibank cyber attack. Hackers who claim to have taken reams of information from Medibank Private have threatened to sell private customer data, including credit card information and sensitive medical conditions unless the insurance pays a ransom.
What should you do? How to dodge the Medibank private hack? How did the Medibank cyber attack happen? Keep reading…
Medibank private data breach explained
The world’s largest provider of health insurance, Medibank, has announced that a significant cyber security incident last week looks to have involved criminals hacking its client data.
After initially downplaying the severity of the incident, the corporation acknowledged that it had been contacted by the thieves, who claimed to have taken 200GB of data.
“The criminal has provided a sample of records for 100 policies which we believe has come from our ahm and international student systems.”Medibank
A cyber attack resulted in the theft of some of Medibank’s customers’ personal information, including names, addresses, Medicare numbers, and phone numbers.
The precise number of individuals whose data was stolen is unknown, but Medibank has confirmed that the information from the hackers on 100 policyholders matches its records. The source of the consumer information is allegedly ahm and its foreign student policyholders. When they study here, these students must have private health insurance. If consumers of its main Medibank brand are also impacted, that is unknown.
David Koczkar, the company’s chief executive, extended a full apology for “this crime, which has been committed against our customers.”
“I know that many will be disappointed with Medibank and I acknowledge that disappointment. This cybercrime is now the subject of an investigation by the Australian Federal Police. We will learn from this incident and will share our learning with others.”David Koczkar
Check out CHI Health data breach: Is North Korea behind it?
Medibank cyber attack summary: What happened in Medibank private hack so far?
- Although Medibank was the target of a cyber attack last week, the corporation maintained that there was no proof that any critical data had been acquired.
- Medibank released a statement on Wednesday claiming to have received a communication from a group claiming to be hackers.
- Cybersecurity Minister Clare O’Neil stated that the incident had been reported to the Australian Federal Police after the company ceased trading on the stock market.
- Medibank collaborates with the Australian Signals Directorate and the Australian Cyber Security Agency.
- In a statement on Thursday, Medibank said that a criminal had given them a sample of 100 documents, which it believed came from its systems.
- As investigations go, the business anticipates that additional people will be impacted.
In order to provide advice, Medibank stated it is striving to get in touch with consumers affected by the compromise.
The business stated that it anticipates that the number of those affected will increase.
What data was stolen in the Medibank cyber attack?
Medibank is a health insurance provider, so it has access to various sensitive data. According to Medicare, the data from the hacker’s 100 records includes:
- First names and surnames
- Dates of birth
- Medicare numbers
- Policy numbers
- Phone numbers
- Data from claims made to the insurer
The information also contains information about the locations of the patients’ medical appointments as well as the procedure and diagnosis codes.
Additionally, the hacker claims to have credit card information, but Medibank has not confirmed this.
According to Medibank, the goods utilized by international students and subsidiary ahm are the source of these restrictions.
Check out Binance hack: Binance Smart Chain Hack explained
How did the Medibank private hack happen?
Ransomware was used in the Medibank private hack, according to Medibank.
Malicious software is typically used in a ransomware assault to lock up or encrypt data so owners can no longer access it. To regain access to the files, hackers want a ransom.
Medibank said that “a group” had approached the corporation to discuss negotiating the return of data that it had in its possession.
In its most recent statement, Medibank stated that “a criminal” had gotten in touch with it.
Medibank data breach, what to do?
Medibank has cautioned customers to be “vigilant” against con artists or criminals who might be attempting to use their data against them.
Customers should get independent advice on the security of their personal data from reputable sources, such as the Australian Cyber Security Centre at cyber.gov.au.
The business declared that it would never get in touch with clients and ask for passwords or other private information.
All customers may not be required to update their passports or driver’s licenses, as indicated by Medibank.
Check out the importance of cyber risk assessment
How to understand that you are affected by the Medibank cyber attack?
The company is currently contacting the 100 people whose information was given to Medibank by the hackers. When more clients are added to the list of those affected, Medibank said it would get in touch with them.
Although Medibank hasn’t confirmed it, it’s possible that the breach also impacted previous clients. Some old clients have already received emails from Medibank informing them of the incident.
Latest data breaches
Check out the latest data breaches:
Outcomes of data breaches: Equifax & T-Mobile
The credit reporting firm Equifax acknowledged on September 7, 2017, that one of its computer networks had had a data leak that had exposed the personal information of 143 million clients, which eventually rose to 147 million. These records included information about the customers’ names, residences, dates of birth, Social Security numbers, and credit card numbers, all of which may be exploited for fraud and identity theft.
Equifax agreed to establish a fund to provide customers with free credit monitoring, identity theft protection, and cash compensation of up to $20,000 per to people harmed by the event, per the conditions of the deal. Additionally, the company must pay court fees and government fines.
Take a closer look at how data breaches effects companies: Equifax Data breach settlement
The cybersecurity vulnerability was first disclosed by T-Mobile and was made public on August 16, 2021. According to reports, almost 77 million consumers’ personally identifiable information was stolen due to the T-Mobile data breach. This contained database data such as addresses, dates of birth, social security numbers, driver’s license numbers, unique IMEIs and identification codes for client phones, and so on.
If granted, the $350 million T-Mobile deal will represent the second-largest payment for a data breach in US history.
Take a closer look at how data breaches effects companies: T-Mobile Data Breach Settlement