Attacks Cloud Data Executive Decisions IoT Malware Mobile Network Security Strategy Threat Defense
Hub Image

IOTW: Medibank confirms 200GB of customer data stolen

Hackers released a sample of the stolen data to the healthcare provider

Add bookmark
Olivia Powell
Olivia Powell
10/20/2022
Medibank confirms 200GB of customer data stolen

Medibank has confirmed that hackers have stolen customers’ personal data after gaining unauthorized access to its internal systems.

In a statement released on October 20, Medibank explained that the hackers that had previously contacted them attempting to ransom customer data had released a sample of 100 customers’ details to them.

Medibank said that it believed the data came from its “ahm and international student systems” and that it contained customers full names, addresses, dates of birth, Medicare numbers, policy numbers, phone numbers and some claims data. The claims data includes codes relating to their medical diagnoses and procedures as well as where these procedures took place.

The malicious actor also claimed that it had stolen data related to customers’ payment details, however Medibank has not yet been able to verify these claims.

The healthcare provider said that the breach is now under investigation by the Australian Federal Police. Additionally, Medibank said its teams are working “around the clock” to understand what customer data has been stolen and the impact this will have on customers.

When did the hack take place?

The cyber security incident in which the data was stolen occurred on October 13. Medibank noticed some “unusual activity” on its internal systems, including its ahm and international student systems. These systems were temporarily shut down in response to the cyber-attack but resumed functionality on October 14.

Despite originally stating that there had been “no evidence customer data had been accessed,” Medibank was contacted by a malicious party who aimed to “negotiate with the company regarding their alleged removal of customer data.” As a result of this, Medibank called a trading halt in order to meet its continuous disclosure obligations.

Who was targeted in the attack?

In a ransom note sent to Medibank, the hackers claimed they had 200GB worth of confidential data and would sell it if their demands were not met.  

The group also threatened to contact the 1,000 “most [prominent] media persons” at Medibank which, according to them, included “[those with the] most [social media] followers, politicians, actors, bloggers, LGBT activists [and] drug addicted people” as well as people with “very interesting diagnoses” as a warning.

What impact has the attack had?

Medibank has contacted the customers affected by the data breach and has said they expect this number to grow as the cyber security incident continues.

The company encouraged customers to “stay vigilant” and reiterated that Medibank will never contact them requesting personal or sensitive information. In response to the event, the company has opened cyber security-specific helplines.

Medibank customers have claimed on social media that they have been targeted by phishing schemes just seven days after the initial attack. In a tweet, one customer said they had received a letter claiming to be Medibank that said they “owed money for repayments.”

The public response to the data breach

Home Affairs Minister Clare O’Neil criticized the hackers in a statement on October 20, saying that the threat to make Australian peoples’ private medical information public was a “dog act.”

She continued, saying that this threat was “why the toughest and smartest people in the Australian Government are working directly with Medibank to try to ensure that this horrendous criminal act does not turn into irreparable harm to some Australian citizens.”

 

Medibank customers have taken to social media to respond to the data breach, with many unhappy. One person said that Medibank had “failed all [its] customers” by not adequately protecting their personal data. Others questioned the ability of all corporations to protect the publics’ data, noting the numerous data breaches that have befallen Australian companies in the past three weeks.

While a class action lawsuit has not yet been filed, many of those posting on social media said they wanted to take some form of action against the company. 

Medibank CEO David Koczkar said that he “unreservedly apologize[d] for this crime which has been perpetrated against our customers, our people, and the broader community”. 

Tags: Medibank healthcare insurance hack hacking data breach cyber attack ransom cyber security incident class action lawsuit

More From Incident of the Week

IOTW: Victoria Court recordings exposed in suspected ransomware attack

Unauthorized access disrupted audio visual in-court technology network impacting video recordings, a...

 2024-01-05  by Michael Hill
IOTW: Victoria Court recordings exposed in suspected ransomware attack

IOTW: Xfinity data breach impacts 35 million customers

Exposed data includes usernames, hashed passwords and social security numbers

 2023-12-22  by Michael Hill
IOTW: Xfinity data breach impacts 35 million customers

IOTW: Russia-linked cyber attack targets Ukraine’s biggest phone operator

Powerful attack knocked out internet access and mobile communications, damaging IT infrastructure

 2023-12-15  by Michael Hill
IOTW: Russia-linked cyber attack targets Ukraine’s biggest phone operator

IOTW: HTC confirms cyber attack as BlackCat ransomware gang teases stolen data

BlackCat/ALPHV ransomware group leaked photos of what appears to be stolen passports, contact lists,...

 2023-12-08  by Michael Hill
IOTW: HTC confirms cyber attack as BlackCat ransomware gang teases stolen data

IOTW: Okta data breach affects all customer support users

Hackers stole information on all users of Okta’s customer support system

 2023-12-01  by Michael Hill
IOTW: Okta data breach affects all customer support users
Go To Hub

Recommended

info@cshub.com/r/n

We hope you enjoy All Access from CS Hub!!<\/p>\r\n<p>Best Regards,<\/p>\r\n<p><a href=https://www.cshub.com/"https:////www.cshub.com///" target=\"_blank\">CS Hub Team<\/a><\/p>\r\n<p>P.S. Be sure to check out our other upcoming <a href=https://www.cshub.com/"https:////www.cshub.com//events?filter_format=ONLINE\%22 target=\"_blank\">All Access events here<\/a>.<\/p>\r\n<p>--------------------------------<\/p>\r\nConnect with us on Social Media: <a href=https://www.cshub.com/"https:////www.linkedin.com//groups//12067996///" target=\"_blank\">LinkedIn<\/a> | <a href=https://www.cshub.com/"https:////twitter.com//CSHubUSA/" target=\"_blank\">Twitter<\/a><\/p>\r\n<p>--------------------------------<\/p>\r\n<p>FAQS<\/p>\r\n<p><b>Can I invite my colleagues?<\/b><br>Yes of course! Please send them this link so they can register for free! [WebUrl]<\/p>\r\n\r\n<p><b>How do I access the sessions?<\/b><br>\r\nAll Access is run on Zoom Events. You should receive an email shortly from Zoom Events with your unique All Access link to the event lobby. Please hold on to that email ahead of the event. We\u2019ll also send you a reminder 24 hours before we go live!<\/p>\r\n\r\n<p><b>Will the agenda be updated?<\/b><br>\r\nYes, the agenda will be continuously updated on the website with the latest sessions & speakers. As we get closer to the event, also look out for our weekly updates which will also include the latest updates information and link to access the event.<\/p>\r\n<p><b>Can I access the sessions On Demand?<\/b><br>\r\nEvery session will be available after the event via the event lobby. We\u2019ll also send you a reminder about the On Demand sessions which will be sent to you after the event is over.<\/p>\r\n<p>--------------------------------<\/p>\r\n<p>RELATED RESOURCES TO READ BEFORE YOUR EVENT<\/p>\r\n<ul>\r\n <li><a href=https://www.cshub.com/"https:////www.cshub.com//executive-decisions//reports//cs-hub-mid-year-market-report-2022?utm_source=eco-event-confirmation-email&utm_medium=email&utm_campaign=eco-event-confirmation-email\%22 target=\"_blank\">CS Hub Mid-Year Market Report 2022<\/a><\/li>\r\n <li><a href=https://www.cshub.com/"https:////www.cshub.com//security-strategy//reports//ciso-strategies-for-proactive-threat-prevention?utm_source=eco-event-confirmation-email&utm_medium=email&utm_campaign=eco-event-confirmation-email\%22 target=\"_blank\">CISO strategies for proactive threat prevention<\/a><\/li>\r\n <li><a href=https://www.cshub.com/"https:////www.cshub.com//security-strategy//reports//how-to-strengthen-email-security-and-protection-against-advanced-ransomware-attacks?utm_source=eco-event-confirmation-email&utm_medium=email&utm_campaign=eco-event-confirmation-email\%22 target=\"_blank\">How to strengthen email security and protection against advanced ransomware attacks<\/a><\/li>\r\n<\/ul>","event_registration_srs_confirmation_email":null,"assets_from_cdn":true},"bant_disabled":1,"sponsorship_disclaimer":null,"sponsorship_disclaimer_text":null,"sponsorship_disclaimer_checkbox_disabled":0,"ext_treat_id":null,"recording_url":null,"file_attachment":null,"ingo_enabled":null,"ingo_activator_id":null,"ingo_autofiller_id":null,"ingo_amplifier_id":null,"ingo_authorizer_id":null,"restricted_content":0,"featured_events_embedded":[],"featured_content_embedded":[{"id":"6335baa36e659145b108542e","name":"IOTW: Everything we know about the Optus data breach","description":"A full timeline of the Optus hack, breach and its impact on Australia","file":null,"url":"\/attacks\/news\/iotw-everything-we-know-about-the-optus-data-breach"},{"id":"634fe972c5c9f27fbf0907be","name":"Medibank is latest Australian company to suffer cyber security incident","description":"Hackers have threatened to release customer data if their demands are not met","file":null,"url":"\/attacks\/news\/medibank-is-latest-australian-company-to-suffer-cyber-security-incident"},{"id":"634ed20078595a64b9157129","name":"MyDeal data breach impacts 2.2 million people","description":"The data was exposed via a compromised user credential","file":null,"url":"\/attacks\/news\/mydeal-data-breach-impacts-22-million-people"},{"id":"632dbdc14b502166bf7f1947","name":"IOTW: Hacker allegedly hits both Uber and Rockstar","description":"A hacker has claimed they are responsible for hacking into both companies\u2019 servers","file":null,"url":"\/attacks\/news\/iotw-hacker-allegedly-hits-both-uber-and-rockstar"},{"id":"62fe6505249e3f07d65f3d88","name":"Almost one million people affected by medical billing ransomware attack","description":"A ransomware attack on a medical billing vendor has affected patients from 27 healthcare organizations","file":null,"url":"\/attacks\/news\/almost-one-million-people-affected-by-medical-billing-ransomware-attack"}],"featured_content_portal_embedded":null}" >

FIND CONTENT BY TYPE

News Case Studies Interviews White Papers Videos

Cyber Security Hub COMMUNITY

About Us Power10 Contact Us Advertise with us Cookie Policy User Agreement Become a Contributor All Access from CS Hub Become a Member Today Media Partners

ADVERTISE WITH US

Advertise Now

JOIN THE Cyber Security Hub COMMUNITY

Join CSHUB today and interact with a vibrant network of professionals, keeping up to date with the industry by accessing our wealth of articles, videos, live conferences and more.

Cyber Security Hub, a division of IQPC

© 2026 All rights reserved. Use of this site constitutes acceptance of our User Agreement, Privacy Policy and Cookies Settings.

Careers With IQPC | Contact Us | About Us | Cookie Policy