Numerous Australians’ personal information has been published online after being stolen from Medibank, the nation’s largest health insurer.
Names, addresses, birthdates, and government ID numbers were also disclosed along with some health claims data, including medical procedure history.
As a Medibank client, PM Anthony Albanese stated that he was among many worried that their information would be made public.
People are having a tremendously difficult time, he stated on Wednesday.
9.7 million Medibank customers’ personal information was taken last month. After the insurer declined to pay a ransom, a sample was released on Wednesday.
The release of private health information can be “distressing and embarrassing”, Australian Federal Police said, warning those whose data is yet to be released are at risk of blackmail.
“Please do not be embarrassed to contact police… if a person contacts you online, by phone or by SMS threatening to release your data unless payment is made,” Assistant Commissioner Justine Gough said.
All customers affected – whether their information has been publicly released or not – are also at risk of phishing scams, she said.
Medibank has apologised for what it has called the “malicious weaponisation” of private information, and promised to work “around the clock” to inform customers whose information has been published.
But Home Affairs Minister Clare O’Neil – who has previously said Australia is “a decade behind” in cybersecurity – has defended Medibank, saying the company followed government advice in not paying the ransom.
The group responsible are “scumbags” and “disgraceful human beings”, she said.
BBC News reported that, the stolen Medibank data was posted on a blog linked to Russian ransomware group REvil, local media report. More data will be posted soon, the blogpost says.
Medibank says the information was obtained after login details allowing access to all its customer data was stolen.
The “criminal” also obtained access to data from its subsidiaries, including ahm insurance. Ahm is a smaller health insurance brand owned by Medibank.
While millions have been affected, the most serious breach was for around 500,000 customers who have had private health information stolen, Medibank said.
But the company has stressed that no credit card or banking details were accessed.
Leave a Reply