Medibank cybercrime update
We are aware that stolen Medibank customer data has been released on the dark web overnight.
We are in the process of analysing the data, but the data released appears to be the data we believed the criminal stole.
Unfortunately, we expected the criminal to continue to release files on the dark web.
While our investigation continues there are currently no signs that financial or banking data has been taken. And the personal data stolen, in itself, is not sufficient to enable identity and financial fraud. The raw data we have analysed today so far is incomplete and hard to understand.
Medibank CEO David Koczkar said while there are media reports of this being a signal of ‘case closed’, our work is not over.
“We are remaining vigilant and are doing everything we can to ensure our customers are supported. It’s important everyone stays vigilant to any suspicious activity online or over the phone,” he said.
“We will continue to support all people who have been impacted by this crime through our Cyber Response Support Program. This includes mental health and wellbeing support, identity protection and financial hardship measures.
“If customers are concerned, they should reach out for support from our cybercrime hotline, our mental health support line, Beyond Blue, Lifeline or their GP.
“Anyone who downloads this data from the dark web, which is more complicated than searching for information in a public internet forum and attempts to profit from it is committing a crime.
“The Australian Federal Police have said law enforcement will take swift action against anyone attempting to benefit, exploit or commit criminal offenses using stolen Medibank customer data. We continue to work closely with the Australian Federal Police who are focused, as part of Operation Guardian, on preventing the criminal misuse of this data.
“Again, I unreservedly apologise to our customers.
“We remain committed to fully and transparently communicating with customers and we will continue to contact customers whose data has been released on the dark web,” Mr Koczkar said.
Our customers can also contact us to understand what data has been accessed – we’ve extended call centre hours and we’ve increased our customer support team by more than 300 people. In addition, from this week, we’re taking extra security steps to further protect our customers – with two-factor authentication in our contact centres. So, when a customer calls for support, we can verify their identify and be sure we’re speaking with them and not someone else.
Data released on the dark web today
We are conducting further analysis on the files today and at this stage believe:
- There are 6 zipped files in a folder called ‘full’ containing the raw data that we believed the criminal stole
- Much of the data is incomplete and hard to understand
- For example, health claims data released today has not been joined with customer name and contact details
Given the sensitive nature of the stolen customer data that is being released on the dark web we continue to ask the media and others to support our ongoing efforts to minimise harm to customers, and not to unnecessarily download sensitive personal data from the dark web and to refrain from contacting customers directly.
Supporting our customers
Our dedicated Cyber Response Support Program for our customers includes:
• A cybercrime health & wellbeing line (1800 644 325) – counsellors that have experience supporting vulnerable people (such as those at risk of domestic violence) and have been trained t
o support victims of crime and issues related to sensitive health information • Mental health outreach service – proactive support service for customers identified as being vulnerable, or through referral from our contact centre team
• Better Minds App – new tailored preventative health advice and resources specific to cybercrime and its impact on mental health and wellbeing, including tools for managing anxiety and fear, with additional phone based psychological support available
• Personal duress alarms – for customers particularly vulnerable and/or with safety risks
• Hardship support for customers who are in a uniquely vulnerable position as a result of this crime which can be accessed via our contact centre team (13 23 31 for Medibank and international customers, 13 42 46 for ahm customers and 1800 081 245 for My Home Hospital patients)
• Specialist identity protection advice and resources through IDCARE’s purpose-built Medibank page
• Free identity monitoring services for customers whose identity has been compromised as a result of this crime
• Reimbursement of ID replacement fees for customers who need to replace any identity documents that have been compromised as a result of this crime
• Specialised teams to help our customers who receive scam communications or threats
Reach out for support
We understand this crime will be distressing for many of our customers.
Customers should reach out for support if they need it from:
• Medibank’s Mental Health Support line on 1800 644 325 (Medibank international students call 1800 887 283 and ahm international students call 1800 006 745)
• Beyond Blue (1300 224 636 / beyondblue.org.au)
• Lifeline (13 11 14 / lifeline.org.au)
• Their GP or other relevant health professional
Medibank recommends being vigilant with all online communications and transactions including:
• Being alert for any phishing scams via phone, post or email
• Verifying any communications received to ensure they are legitimate
• Not opening texts from unknown or suspicious numbers
• Changing passwords regularly with ‘strong’ passwords, not re-using passwords and activating multi-factor authentications on any online accounts where available
• Medibank will never contact customers asking for password or sensitive information
If you are contacted by someone who claims to have your data, or you are a victim of cybercrime, you can report it at ReportCyber on the Australian Cyber Security Centre website. To report a scam, go to ScamWatch. If you believe you are at physical risk, please call emergency services (000) immediately.
Customer data we currently believe the criminal has stolen
• The name, date of birth, address, phone number and email address for around 9.7 million current and former customers and some of their authorised representatives. This figure represents around 5.1 million Medibank customers, around 2.8 million ahm customers and around 1.8 million international customers
• Medicare numbers (but not expiry dates) for ahm customers
• Passport numbers (but not expiry dates) and visa details for international student customers
• Health claims data for around 160,000 Medibank customers, around 300,000 ahm customers and around 20,000 international customers. This includes service provider name and location, where customers received certain medical services, and codes associated with diagnosis and procedures administered. Additionally, around 5,200 My Home Hospital (MHH) patients have had some personal and health claims data accessed and around 2,900 next of kin of these patients have had some contact details accessed
• Health provider details, including names, provider numbers and addresses
Based on our investigations to date, we currently believe the criminal:
• Did not access primary identity documents, such as drivers’ licences, for Medibank and ahm resident customers. Medibank does not collect primary identity documents for resident customers except in exceptional circumstances
• Did not access health claims data for extras services (such as dental, physio, optical and psychology)
• Did not access credit card and banking details