• ASX releases
  • Features
  • Gallery
  • Quick facts
  • Contact
  • About Medibank
  • Investor Centre
  • Media releases

    Medibank cybercrime update

    Medibank logo

    Medibank is today aware of media reports of a purported threat from a criminal to begin publishing stolen Medibank customer data online in 24 hours. The criminal could also attempt to contact customers directly.

    Medibank is working with the Australian Government, including the Australian Cyber Security Centre and the Australian Federal Police. The Australian Federal Police is investigating this cybercrime and trying to prevent the sharing and sale of our customers’ data.

    Medibank CEO David Koczkar said: “Customers should remain vigilant. We knew the publication of data online by the criminal could be a possibility, but the criminal’s threat is still a distressing development for our customers.”

    “We unreservedly apologise to our customers. We take seriously our responsibility to safeguard our customers and support them. The weaponisation of their private information is malicious, and it is an attack on the most vulnerable members of our community,” he said.

    Overnight we again wrote to all customers to update them about this cybercrime. We continue to inform customers of what data we believe has been accessed or stolen and provide advice on what they should do. This is being done via email or letter and in some cases via phone.

    If you are contacted by someone who claims to have your data, or you are a victim of cybercrime, you can report it at ReportCyber on the Australian Cyber Security Centre website. To report a scam, go to ScamWatch. If you believe you are at physical risk, please call emergency services (000) immediately.

    Customers can also contact us via our contact centre team (13 23 31 for Medibank and international customers, 13 42 46 for ahm customers and 1800 081 245 for My Home Hospital patients).

    Customers should be vigilant with all online communications and transactions including:
    • Being alert for any phishing scams via phone, post or email
    • Verifying any communications received to ensure they are legitimate
    • Not opening texts from unknown or suspicious numbers
    • Changing passwords regularly with ‘strong’ passwords, not re-using passwords and activating multi-factor authentications on any online accounts where available
    • Medibank will never contact customers asking for password or sensitive information

    The Australian Government has activated the National Coordination Mechanism to bring together agencies across the Australian Government, states and territories.

    Keep reading