Australia’s largest healthcare insurer Medibank has apologised after revealing customer data had been stolen in a recent cyber attack.
It comes after an initial announcement from the insurance giant that customer data for its ahm brand and international student business was lost in a hack.
“This is a distressing development, and Medibank unreservedly apologises to our customers,” the insurer said in a media release on Oct. 24.
According to the company, communication with the hacker has revealed that at least 1,100 policy records, which include personal private data, was compromised.
However, Medibank noted that it expects the number of affected customers to grow as the investigation progresses.
“Given the complexity of what we have received, it is too soon to determine the full extent of the customer data that has been stolen. We will continue to analyse what we have received to understand the total number of customers impacted and, specifically, which information has been stolen,” the company said.
Medibank CEO David Koczkar has apologised saying the latest developments will be distressing for customers, staff and the community.
“I unreservedly apologise to our customers who have been the victims of this serious crime,” he said. “This is a malicious attack that has been committed by criminals with a view of causing maximum fear and damage, especially to the most vulnerable members of our community.
The hack on Medibank is currently being investigated by the Australian Federal Police.
Medibank to Provide Customer Support
Medibank also announced a support package for customers affected by the breach.
It will include the financial reimbursement of fees for the re-issuing of identity documents that have been compromised, as well as free identity monitoring services for customers who have been compromised.
A mental health and well-being support call line will also be established, as well as resources from Australia’s cyber support service IDCARE.
Lastly, for customers in a uniquely vulnerable position, Medibank has arranged a hardship package to provide financial support. These packages will be provided on a case-by-case basis, the company said.
Additionally, the company said it was working with Australian banks and government departments to help monitor the situation.
Federal Government Criticised For Slow Response to Cyber Attacks
Meanwhile, Clare O’Neil, the federal minister for cybersecurity has faced criticism for her response to recent cyberattacks on major Australian companies Medibank and the country’s second largest telecommunications company Optus.
Shadow Minister for Cyber Security James Paterson, pointed out in a statement that it took the Labor minister one week to respond to the Medibank hack publicly.
“Ms. O’Neil should explain why she accepted the company’s initial denial; this was serious, delaying government engagement by a week,” Paterson said. “In a cyber attack, time is of the essence. Early engagement by the government allows the facts to be established, data theft to potentially be disrupted, and gives customers time to take any necessary steps to mitigate the consequences of the breach.”
— James Paterson (@SenPaterson) October 24, 2022
He also called on the federal government to release a timeline of the actions they have taken.
“Medibank victims have every right to know what steps the Albanese government took and when,” Paterson said.