UPDATE: Medibank confirms – Hacker is real, they have your data

Following this mornings word from Medibank that they are now dealing with a ransom demand, the company has issued a statement to the ASX which confirms the criminal does have legitimate client records of medibank customers.

Having placed their shares in a trading halt this morning, Medibank’s update to the market is also a precursor to a likely outreach to customers in line with their previous communications which have been consistent and transparent.

Unfortunately, Medibank (and AHM) had been almost clear with customers that their data was not affected. Turns out, it likely is.

To what scale or extent is still unknown, but the hacker claims to have 200GB of data, which would amount to a massive amount of customer information.

Medibank has shared the following:

• Medibank has been contacted by a criminal claiming to have stolen 200GB of data.
• The criminal has provided a sample of records for 100 policies which we believe has come from our
  ahm and international student systems.
• That data includes first names and surnames, addresses, dates of birth, Medicare numbers, policy
  numbers, phone numbers and some claims data.
• This claims data includes the location of where a customer received medical services, and codes
  relating to their diagnosis and procedures
• The criminal claims to have stolen other information, including data related to credit card security,
  which has not yet been verified by our investigations.

Medibank CEO David Koczkar says “I unreservedly apologise for this crime which has been perpetrated against our customers, our people, and
the broader community.

“I know that many will be disappointed with Medibank and I acknowledge that disappointment. This cybercrime is now the subject of an investigation by the Australian Federal Police.

“We will learn from this incident and will share our learnings with others”.

“Medibank will remain open and transparent and will continue to provide comprehensive updates as often as we can and need to.”

Unfortunately for customers, at this time, there isn’t much you can do.

Key to your actions going forward is vigilance, keep an eye out for any suspicious emails, especially ones claiming to know about your personal health, medication or treatment.

That includes emails from your doctor or clinics, as scammers will use whatever info they have to try and trick you.

If it looks legit, call the company, or visit their website directly without clinking any email links.