Medibank says criminals have shared proof they stole customer data

Medibank, the Australian health insurance company targeted by a cyber attack last week, said on Thursday that criminals have shared with the company a sample of 100 records that indicated customer information was stolen.

“We expect the number of affected customers to grow as the incident continues,” said Emily Ritchie, the company’s senior executive for external affairs.

“Medibank will never contact customers requesting passwords or other sensitive information,” she added.

The company, which was formerly government owned before being privatized as a not-for-profit in 2014, has around 3.7 million customers in Australia.

Trading in its shares was halted on Wednesday despite the company claiming on Monday to have foiled a ransomware attack.

The company said its systems were not encrypted by the attackers and its initial investigations turned up “no evidence customer data has been removed from our network.”

However in its latest statement, the company acknowledged that the sample data provided by the criminals had come from its “ahm and international student systems” systems.

This information includes:

  • First names and surnames
  • Addresses 
  • Dates of birth
  • Medicare numbers
  • Policy numbers
  • Phone numbers 
  • Some claims data, including the location of where a customer received medical services and codes relating to their diagnoses and procedures


Medibank said: “The criminal also claims to have stolen other information, including data related to credit card security. This has not yet been verified by our investigations.”

The criminals who contacted Medibank claimed to have stolen 200 gigabytes of data. The company has not revealed what kind of extortion demand it has received.

The health insurance company said it will begin to make direct contact with the affected customers as of Thursday morning and will “provide support and guidance on what to do next.”

“Medibank urges our customers to remain vigilant, and encourages them to seek independent advice from trusted sources, including the Australian Cyber Security Centre at cyber.gov.au,” said Ritchie.

Clare O'Neil MP, Australia's minister for home affairs and cyber security, issued a statement on the incident and said she has spoken to the head of the Australian Signals Directorate and the Australian Federal Police who are providing "significant support" to Medibank.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Alexander Martin

Alexander Martin

is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.