Medibank customers affected by last month’s devastating cyberattack have begun receiving confirmation from the health insurance giant what of their details have been stolen.
Australia’s largest health insurer has sent out emails detailing to customers both what of their personal information has been stolen and what has not been compromised.
On Wednesday morning at the company’s AGM, Medibank CEO David Koczkar said 480,000 customers were being reached out to.
“Today we will begin communicating with around 480,000 customers whose health data we believe has been stolen,” Koczkar said.
“We commenced this as soon as this data was verified by our team.”
The CEO was resolute that Medibank would never pay a ransom to the hackers.
“We’re deeply sorry to inform you that some data relating to your membership has been stolen in the recent cybercrime event,” an email sent to a customer seen by 9News.com.au reads.
“This email details what specific membership data was stolen, outlines actions you can take safeguard you online identity, and the services available through our cyber response support program.”
The email lists which details have been stolen followed by a list of the information Medibank “believes the criminal has not stolen”.
It goes on to outline information about accessing a cyber support community service, as well as some extra precautions customers can take, before confirming data has been posted onto the dark web.
Read Related Also: Robert Kraft, 81, marries ophthalmologist girlfriend Dana Blumberg, 47, in surprise wedding
“We believe data that was stolen has been released by the criminal on the ‘dark web’,” the email reads.
“The dark web is a closed online network, often accessed for criminal purposes.
“We strongly advise all affected customers to take the precautions outlined to safeguard their online identity.
“We recognise the distress this may cause you and we apologise.”
“The files released by the criminal includes an excel spreadsheet of around 900 current and former employees – including their name, email address, their mobile phone numbers and the device information including the asset number and phone name (serial number and IMEI number),” a Medibank spokesperson said.
‘Dropped my phone down the toilet’: Insidious scam text’s new message
“While security experts have told us that the security risk is low, the information could be used for increased spam such as spear fishing.”
The Australian Federal Police said last week the hackers believed to be responsible for the hack are based in Russia.
