Medibank is aware that the criminal has released an additional file on a dark web forum containing customer data that is believed to have been stolen from Medibank’s systems.
Medibank CEO David Koczkar said: “The release of this stolen data on the dark web is disgraceful.”
“We take the responsibility to secure our customer data seriously and we again unreservedly apologise to our customers.
“We remain committed to fully and transparently communicating with customers and we will be contacting customers whose data has been released on the dark web.
“The weaponisation of people’s private information in an effort to extort payment is malicious, and it is an attack on the most vulnerable members of our community.
“These are real people behind this data and the misuse of their data is deplorable and may discourage them from seeking medical care,” he said.
Given the sensitive nature of the stolen customer data that is being released on the dark web we ask the media and others to support our ongoing efforts to minimise harm to customers, and not to unnecessarily download sensitive personal data from the dark web and to refrain from contacting customers directly.
We will continue to support all people who have been impacted by this crime through our Cyber Response Support Program. This includes mental health and wellbeing support, identity protection and financial hardship measures.
Supporting our customers
Our dedicated Cyber Response Support Program for our customers includes:
• A cybercrime health & wellbeing line (1800 644 325) – counsellors that have experience supporting vulnerable people (such as those at risk of domestic violence) and have been trained to support victims of crime and issues related to sensitive health information
• Mental health outreach service – proactive support service for customers identified as being vulnerable, or through referral from our contact centre team
• Better Minds App – new tailored preventative health advice and resources specific to cybercrime and its impact on mental health and wellbeing, including tools for managing anxiety and fear, with additional phone based psychological support available
• Personal duress alarms – for customers particularly vulnerable and/or with safety risks
• Hardship support for customers who are in a uniquely vulnerable position as a result of this crime which can be accessed via our contact centre team (13 23 31 for Medibank and international customers, 13 42 46 for ahm customers and 1800 081 245 for My Home Hospital patients)
• Specialist identity protection advice and resources through IDCARE’s purpose-built Medibank page
• Free identity monitoring services for customers whose identity has been compromised as a result of this crime
• Reimbursement of ID replacement fees for customers who need to replace any identity documents that have been compromised as a result of this crime
• Specialised teams to help our customers who receive scam communications or threats
To further assist our customers, we’ve extended call centre hours and created dedicated specialist teams to support customers.
Reach out for support
We understand this crime will be distressing for many of our customers.
Customers should reach out for support if they need it from:
• Medibank’s Mental Health Support line on 1800 644 325 (Medibank international students call 1800 887 283 and ahm international students call 1800 006 745)
• Beyond Blue (1300 224 636 / beyondblue.org.au)
• Lifeline (13 11 14 / lifeline.org.au)
• Their GP or other relevant health professional
Remaining vigilant
Medibank recommends being vigilant with all online communications and transactions including:
• Being alert for any phishing scams via phone, post or email
• Verifying any communications received to ensure they are legitimate
• Not opening texts from unknown or suspicious numbers
• Changing passwords regularly with ‘strong’ passwords, not re-using passwords and activating multi-factor authentications on any online accounts where available
• Medibank will never contact customers asking for password or sensitive information
If you are contacted by someone who claims to have your data, or you are a victim of cybercrime, you can report it at ReportCyber on the Australian Cyber Security Centre website. To report a scam, go to ScamWatch. If you believe you are at physical risk, please call emergency services (000) immediately.
