Australia’s biggest health insurer Medibank Private Limited said it expected the number of customers affected by a massive data breach to grow, after it discovered policy records of a further 1,000 customers had been stolen.
Medibank, which provides coverage to one-sixth of Australians, said last week an unidentified person had shown the company stolen personal information of a 100 customers, including medical diagnoses and procedures.
On Tuesday, the company said it had received more files from the criminal, showing information including personal and health claims data of more patients as well as files with some Medibank and international student customer data.
“Given the complexity of what we have received, it is too soon to determine the full extent of the customer data that has been stolen,” the company said in a statement.
“As we continue to investigate the scale of this cybercrime, we expect the number of affected customers to grow as this unfolds.”
Medibank’s is the latest in a series of cybersecurity incidents that have rocked corporate Australia, including a breach late last month at the country’s no. 2 telco Optus, which compromised the data of up to 10 million customers.
An investigation by the Australia Federal Police into the Medibank hack is ongoing.
Last week, Reuters reported that hackers had threatened to leak the stolen health data of 1,000 famous Australians in a cybersecurity incident described by the government as a “huge wake-up call”.
Medibank, one of Australia’s largest private health insurers, said last week that the hackers were claiming to have stolen 200GB of data.
“The criminal has provided a sample of records for 100 policies,” it had said in a statement to the Australian stock market. On Saturday, Australia proposed tougher penalties for companies that fail to protect customers’ personal data after two major cybersecurity breaches left millions vulnerable to criminals.
© Thomson Reuters 2022