The investigation into the Medibank hack has revealed more damage than initially suspected, with the personal information of all four million of its customers and significant amounts of health data stolen in the data breach.
The health insurer recently confirmed that all customers of its ahm offshoot and all international student customers also had their data stolen.
It is also expected that the number of affected people will grow substantially as the investigation continues.
Medibank is currently working through the details of each customer so they will know what type of information the hackers accessed.
“We believe that the scale of stolen customer data will be greater and we expect that the number of affected customers could grow substantially,” Medibank chief executive David Koczkar said.
“I apologise unreservedly to our customers. This is a terrible crime – this is a crime designed to cause maximum harm to the most vulnerable members of our community.”
Medibank has provided a support package for those affected, which includes financial backing and specialist identity protection.
The health insurer also warned customers to be on alert for any suspicious messages via email, text or phone call.
The stock exchange-listed Medibank, which briefed its investors on Wednesday, doesn’t have cyber insurance. As a result, it is estimated that the hack will result in a $25 million to $35 million pre-tax hit to its first half fiscal 2023 earnings.
The Medibank issue is the second high-profile hacking in weeks after Optus suffered a huge cyber security breach last month.
Cyber Security Minister Clare O’Neil was asked about the Medibank hack in parliament on Tuesday, saying the government’s best people were on the job.
“Australians who are struggling with mental health conditions, drug and alcohol addiction or diseases that carry some shame or embarrassment are entitled to keep that information private and confidential, and for a cybercriminal to hang this over the heads of Australians is a dog act,” she said.
“It is scum-of-the-earth, lowest-of-the-low territory.”
The federal government will soon introduce new legislation to parliament that will massively increase penalties for companies that don’t properly protect sensitive data.
Fines will rise to whichever is greater – $50 million, 30 per cent of the company’s turnover in the relevant period or three times the value of any benefit gained from the stolen data.
The laws would also boost the Australian Information Commissioner’s powers to resolve breaches and increase information sharing with the Australian Communications and Media Authority.
With AAP