Medibank hack broadens
Medibank has revealed that the cyber attack on its customers' data was much wider than it originally thought.
The company had previously only confirmed that data from budget brand ahm and international student insurance had been taken, but it now admits that data from some of its main brand customers has been compromised too.
Medibank said it realised the hack was bigger than originally thought after it was sent customer data by criminals that included data from all three entities.
A sample of 100 records included in the “negotiation” from the hacker included names, addresses, dates of birth, Medicare numbers, phone numbers, and medical claims data including information about diagnosis, procedures and location of medical services.
Reports say that a person with high-level access within Medibank’s systems appears to have had their credentials stolen by a hacker, who then put them up for sale on a Russian-language cybercrime forum acting as a credential broker.
The credentials may then have been bought by another hacker or group of hackers, who infiltrated Medibank’s network and established two backdoors.
The attacker is believed to have conducted a thorough examination of Medibank’s network and internal applications, before deploying a bespoke tool to withdraw customer information from Medibank’s customer database, and put it into a zip file that attackers downloaded from the company’s network.
Medibank and ahm customers are encouraged to contact the company's cyber response hotlines by phone (for ahm customers 13 42 46 and for Medibank customers 13 23 31) or through an information page on the its website.
Medibank is offering access to qualified mental health professionals 24/7 over the phone for advice or support around mental health or wellbeing (1800 644 325).
The company says it is still unclear how many of its 3.9 million customers were impacted. The Australian Federal Police and the Australian Signals Directorate are also investigating.