[UPDATE] Medibank Data Breach May Have Affected All of its 3.9 Million Clients, CEO Says

Previous customers are possibly compromised, too!

Medibank, an Australian health insurance provider, has disclosed that more clients than first anticipated had been impacted by the security breach, with the CEO stating the firm is proceeding on the notion that all customers are affected.

Earlier this month, Medibank said that the only people who the attack could have harmed were clients of its subsidiary ahm and overseas students.

The number of potentially impacted clients has increased to 3.9 million now that the corporation has announced it has received data from hackers that include "main brand customers."

Medibank Extended an Apology to its Clients

Medibank apologized to its customers and called the news a "distressing development."

"As we continue to uncover the breadth and gravity of this crime, we recognize that these developments will be distressing for our customers, our people, and the community - as it is to me," Medibank CEO David Koczkar said, as reported by The Guardian.

Criminals' motives in committing this offense, according to Koczkar, were to cause maximum terror and destruction, particularly to the community's most vulnerable members.

"Given the unfolding nature of the cybercrime and the complexity of the data, I'm operating under the assumption that there is a potential that all customers could be impacted," he declared.

The Hacker Had Access to Various Customers' Data

In a statement, the insurance provider revealed that it had received a new batch of files from the suspected hacker, who had previously claimed to have stolen 200GB of data.

Files including information on Medibank, ahm, and foreign student customers were discovered. These files contained the 100 ahm insurance documents received last week, which included personal and health claims data.

Last week, the organization received a large batch of records that contained personal information such as names, residences, ages, Medicare numbers, phone numbers, and details regarding medical claims like diagnoses, treatments, and service locations.

A Medibank representative has said that the corporation is required by state health record rules to retain customer health information for a period of seven years. Therefore it is probable that the breach affects previous clients of the insurance.

Current and past clients will be informed of the next steps, and individuals whose data has been determined to have been hacked will get a separate notification.

How the Medibank Data Breach Started

On Monday, Oct. 24, an insider disclosed further details of the data breach. According to the source, everything began with the theft of credentials belonging to an employee with extensive privileges within the company. The hacked data were afterward offered for sale on a Russian-language cybercrime site.

Another ground of hacker reportedly bought the credentials and walked into Medibank's network, putting up two backdoors in case the first one was caught.

Inside Medibank, it's believed that the attacker searched the customer database, as well as the entire network and internal systems, before using a specialized tool to extract data and compress it into a zip file.

This article is owned by Tech Times

Written by Trisha Kae Andrada

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics