The scale of the Medibank data breach continues to worsen, with the insurer now confirming customer data, including medical claims information, is in the hands of the attackers.
In a financial filing [pdf], Medibank said it had been contacted by an individual or group that claims to hold 200GB of data.
The company said it has been shown “a sample of records for 100 policies which we believe has come from our ahm and international student systems."
“That data includes first names and surnames, addresses, dates of birth, Medicare numbers, policy numbers, phone numbers and some claims data," it said.
The claims data includes some of peoples’ most private medical information: “where a customer received medical services, and codes relating to their diagnosis and procedures.”
Medibank said the attacker also claimed to have “data related to credit card security” but that this was yet to be verified.
“This morning we will commence making direct contact with the affected customers to inform them of this latest development,” the insurer said.
“We expect the number of affected customers to grow as the incident continues.”
“To reduce wait times for our customers, we have redeployed our people to support new cyber response hotlines in our call centres.
“Medibank and ahm customers can contact us by phone (for ahm customers 13 42 46 and for Medibank customers 13 23 31) or visit the information page on the website for any updates.”
Earlier today, cyber security minister Clare O’Neil said the Australian Signals Directorate and Australian Federal Police are working on the case.
.png&h=140&w=231&c=1&s=0)
