Medibank has been contacted by a criminal claiming to have stolen data and who has provided a sample of records for 100 policies which we believe has come from our ahm and international student systems. This information includes:
• First names and surnames
• Addresses
• Dates of birth
• Medicare numbers
• Policy numbers
• Phone numbers
• Some claims data, including the location of where a customer received medical services and codes relating to their diagnoses and procedures.
The criminal also claims to have stolen other information, including data related to credit card security. This has not yet been verified by our investigations.
We’re working around the clock to understand what additional customer data has been affected and how this will impact them.
We are making direct contact with the affected customers to inform them of this latest development, and to provide support and guidance on what to do next. We expect the number of affected customers to grow as the incident continues.
Medibank urges customers to remain vigilant, and encourages them to seek independent advice from trusted sources, including the Australian Cyber Security Centre atcyber.gov.au
As always, Medibank will never contact customers requesting passwords or other sensitive information.
Medibank is in discussions with government stakeholders about what else we can do to assist our customers in safeguarding their identities and health information, and we will be in touch with customers about those steps directly.
