By Staff Writer.
Medibank Group in a statement has notified it has received messages from a group that “wishes to negotiate with the company regarding their alleged removal of customer data”.
The Sydney Morning Herald is reporting the group is threatening to email 1,000 people their own health information and they have 200GB of data. “In a message obtained by this masthead, the hacking group claims to have stolen 200 gigabytes of sensitive information from Medibank, and threatens to contact its 1000 most prominent customers with their own personal information as a warning shot. This masthead was unable to verify the authenticity of the claims but in a response to questions on Wednesday afternoon, Medibank acknowledged it had received a threat and was taking it seriously.”
As a health company providing health insurance and health services, Medibank holds a range of personal information of its customers.
Medibank went into a trading halt yesterday as a result.
The company have advised the Australian Cyber Security Centre and in an ongoing response to safeguard their networks and systems, may cause disruptions to services.
Medibank CEO David Koczkar said: “I apologise and understand this latest distressing update will concern our customers. We have always said that we will prioritise responding to this matter as transparently as possible. Our team has been working around the clock since we first discovered the unusual activity on our systems, and we will not stop doing that now. We will continue to take decisive action to protect Medibank customers, our people and other stakeholders.”
On 13 October the company advised that it had taken offline their ahm and international student policy systems and its data, and were in the process of restarting the systems, with no evidence that customer data had been accessed.
Investigations are ongoing and Medibank states it will continue to provide regular updates.
In a media statement, Federal Minister for Cybersecurity, Clare O’Neil said “This incident is another reminder for Australian governments, businesses and citizens to be vigilant about their cyber safety.”
