We're continuing to update our customers about the cybercrime event and our ongoing investigations, along with details of our Cyber Response Support Package. As well we're also updating the information page on our website regularly.
Customer update
I am writing to provide you with a further update on our cybercrime event and our Cyber Response Support Package.
Earlier this week, I emailed you to let you know the criminal has taken data belonging to some Medibank customers, in addition to that of ahm and international student customers.
Our continuing investigations have now determined that the criminal has had access to the personal data of all ahm, international student and Medibank customers, as well as health claims data for a significant number of our customers.
Specifically, the accessed data includes:
• name
• address
• date of birth
• phone numbers
• Medicare number
• policy number
• and in some cases, claims data.
We appreciate how important it is for you to understand what 'access' means. In this case, it means the data was either viewed, or the folder where the data is stored was viewed, by the criminal.
Our forensic investigation is still underway and will determine which of this data has been stolen.
What we are doing
Our investigation continues with a focus on determining the specific impact for each of our customers. We have started contacting customers whose data we know has been stolen.
If we find your data has been stolen, we will notify you by email as soon as possible. We will also provide you with specific advice and support on how our Cyber Response Support Package can help you.
We are also working urgently to provide our contact centre and retail teams with information specific to your circumstances, so they can better support you and answer your questions.
Support for customers
Earlier this week, we shared details of our Cyber Response Support Package for all current customers and former customers who have had their data stolen:
• Mental health and wellbeing support available through Medibank’s 24/7 support line 1800 644 325
• Hardship support for customers who are in a uniquely vulnerable position as a result of this crime. Our contact centre team will be able to provide direct access to the support we have available
• Specialist identity protection advice and resources through IDCare’s dedicated Medibank page
• Free identity monitoring services for customers who have had their primary ID fully compromised in this crime
• Reimbursement of replacement fees for customers whose identity documents have been fully compromised in this crime
Steps you can take to protect yourself
Given your name, address and date of birth may have been compromised, we recommend extra vigilance with your online security:
• Being alert for any phishing scams that may come to you by phone, post or email;
• Being vigilant to verify any communications you receive to ensure they are legitimate; and
• Not opening texts from unknown or suspicious numbers.
There are a number of resources online that explain what scams look like, including the Australian Cyber Security Centre and ScamWatch.
If you have received a suspicious email, please forward these emails to us at scaminvestigations@medibank.com.au. Our team will collate this information and share with law enforcement.
Please be assured people can’t access your Medicare details with just your Medicare card number. If you’re concerned you can replace your Medicare card using your Medicare online account through myGov or the Express Plus Medicare mobile app. Find out more at www.servicesaustralia.gov.au/medicarecard.
As always, Medibank will never contact you asking for your password or sensitive information.
We are regularly updating our website with the most up-to-date information, answers to frequently asked questions, as well as a reminder of the further resources available. Our contact centre team is also available on 13 23 31 to answer other questions that you may have.
I acknowledge how distressing this will be for you, and apologise unreservedly.