Medibank, an Australian health insurer, has confirmed that it suffered from a cyberattack that impacted the personal details of roughly 9.7 million customers. The attack was first identified in mid October. The health insurer stated that the threat actor behind the attack was not able to deploy ransomware, but they did access data from the company’s systems. Medibank reported that it immediately initiated security incident response protocol and started an investigation into the attack. According to the company, it was unable to determine whether customer data was access or not until the threat actor behind the attack contacted Medibank.
The company originally estimated that 4 million of its customers might have been impacted by the cyberattack, but since the contact with the threat actor it has raised that estimate to 9.7 million. Personal information that may have been exposed during the cyberattack or accessed by the threat actors includes names, addresses, birth dates, phone numbers, and email addresses. Medibank also stated that international students may have had their passport numbers, Medicare numbers, and visa details exposed. Additionally, the company confirmed that health claims data from some customers was compromised, including name and location of the service provider and diagnosis codes.
Read More: Medibank Confirms Data Breach Impacts 9.7 Million Customers