Medibank reveals full scope of data breach – it’s bad

medibank data breach
FILE PHOTO: Outside a branch of the Australian health insurer Medibank Private in Sydney October 20, 2014. REUTERS/David Gray

(Reuters) – Medibank Private Ltd, Australia’s biggest health insurer, said on Wednesday a cyber hack had compromised data of all of its of its nearly 4 million customers, as it warned of a A$25 million to A$35 million ($16 million to $22.3 million) hit to first-half earnings.

It said on Wednesday that all personal and significant amounts of health claims data of all its customers were compromised in the breach reported this month, a day after it warned the number of customers affected would grow.

Shares in the company fell more than 14%, its biggest one-day slide since listing in 2014.

“I apologise unreservedly to our customers”

Medibank, which covers one-sixth of Australians, said the estimated cost did not include further potential remediation or regulatory expenses.

“Our investigation has now established that this criminal has accessed all our private health insurance customers’ personal data and significant amounts of their health claims data,” chief executive David Koczkar said in a statement. “I apologise unreservedly to our customers. This is a terrible crime – this is a crime designed to cause maximum harm to the most vulnerable members of our community.”

The company reiterated that its IT systems had not been encrypted by ransomware to date and that it would continue to monitor for any further suspicious activity.

“Everywhere we have identified a breach, it is now closed,” John Goodall, Medibank’s top technology executive, told an analyst call on Wednesday.

Medibank, which also withdrew its fiscal 2023 policyholder growth forecast, reported an after-tax profit of about A$394 million for fiscal 2022 in August.

Medibank hack the latest of many

The Medibank hack is the latest in a string of similar incidents in the country that has alarmed the government and corporate sector.

The country’s No. 2 telco, Singapore Telecommunciations Ltd-owned Optus, said last month about 10 million customer accounts, equivalent to 40% of the Australian population, had data taken by a hacker demanding payment.

A person claiming to be behind the Optus hack later withdrew the demand over concerns about publicity.

The government has meanwhile said it would introduce fines of up to A$50 million for companies on the receiving end of data breaches.

($1 = 1.5664 Australian dollars)

(By Shashwat Awasthi and Lewis Jackson; Reporting by Shashwat Awasthi and Lewis Jackson. Writing by Alasdair PalEditing by Gerry Doyle, Shinjini Ganguli and Sam Holmes)

Be the first to comment

What do you think?

This site uses Akismet to reduce spam. Learn how your comment data is processed.