Medibank Private, an Australian-based health insurance company, has been attacked to access data of its customers. This case could be larger than expected, as per new reports.
(Photo : DAMIEN MEYER/AFP via Getty Images)
This picture taken on November 3, 2016 shows on a screen viruses list at the LHS (High Security Laboratory) of the INRIA (National Institute for Research in Computer Science and Automation) in Rennes. - Paradise where computer viruses blossom under the watchful eye of scientists, the Laboratory of high security (LHS-PEC) of Rennes is a small fortress from where emerge the first studies on the "ransomwares", those digital brigands which Dominate the malware market.
This picture taken on November 3, 2016 shows on a screen viruses list at the LHS (High Security Laboratory) of the INRIA (National Institute for Research in Computer Science and Automation) in Rennes. - Paradise where computer viruses blossom under the watchful eye of scientists, the Laboratory of high security (LHS-PEC) of Rennes is a small fortress from where emerge the first studies on the "ransomwares", those digital brigands which Dominate the malware market.
Medibank Private Hack Exposes Millions of Data
According to a report from Bloomberg, the Australian health insurance company Medibank Private hack has exposed the data of 9.7 million current and former customers, along with their authorized representatives. The data includes their names, dates of birth, address, phone number, and email address. This was a much larger amount of data exposure, compared to its original 4 million customers' data.
Chief Executive Officer David Koczkar stated that there is only a small chance for them to pay a ransom as it would not be an assurance for them to obtain the customer's data back and prevent it from being published, as they have consulted from cybercrime experts. He added, "In fact, paying could have the opposite effect and encourage the criminal to directly extort our customers, and there is a strong chance that paying puts more people in harm's way by making Australia a bigger target."
The hacker accessed 5.1 million Medibank customers' information, 2.8 million customers of subsidiary AHM, and 1.8 million international customers. As per the report, Medibank also laid out other information that the hacker has obtained in a new update, which includes Medicare numbers, passport numbers, health claims data of 160,000 Medibank customers, 300,000 AHm customers, & 20,000 international customers, data of 5,200 My Home Hospital patients and 2,900 next of kin of these patients, and Health providers' details.
Meanwhile, Medibank will also be commissioning an external review regarding this incident. As of October 12, no additional suspicious activity has been detected in the system and it remains secure since the attack.
How Did It Start?
According to The Guardian, this all started when someone pretended to be an employee of the company with high-level access, as the hacker theft their credentials. After obtaining the data, it was sold on a cybercrime forum that was written in Russian.
Medibank issued a statement immediately last October 13th and stated that the services will be temporarily shut down because of a cyber issue. After this, it was revealed to the company by the hackers that they got the 200GB of consumer data that has been missing to their servers.
Related Article: How the Medibank Data Breach Started, According to Insider
Aftermath
Because of this, Medibank Private shares go down to 15%. This cuts the company's market value to AU $8.2 billion (US $5.26 B). The company has also withdrawn its guidance for policyholder growth for this year. Koczkar apologized to the customers in his statement and said, "We believe that the scale of stolen customer data will be greater and we expect that the number of affected customers could grow substantially."
This article is owned by TechTimes
Written by Inno Flores