“The criminal has provided a sample of records for 100 policies which we believe has come from our ahm and international student systems,” Medibank said in a statement.
”That data includes first names and surnames, addresses, dates of birth, Medicare numbers, policy numbers, phone numbers and some claims data.
“Claims data includes the location of where a customer received medical services, and codes relating to their diagnosis and procedures.”
The criminal also claimed to have stolen other information, Medibank said, including data related to credit card security, but that has not yet been verified by internal investigations.
The provider said affected customers will be directly contacted to inform them of the data breach.
”We expect the number of affected customers to grow as the incident continues,” Medibank said.
Read Related Also: Tropical Storm Ian forecast to rapidly intensify into hurricane, significant threat eyes Florida
CEO David Koczkar has “unreservedly” apologised to customers for the attack on the health insurer.
”I know that many will be disappointed with Medibank and I acknowledge that disappointment,” he said.
“This cybercrime is now the subject of an investigation by the Australian Federal Police.
“We will learn from this incident and will share our learnings with others.”
Medibank has entered a trading halt until further notice.