What Has Happened?
On the 13th of October, Medibank suffered a “cyber incident” that took its data and policy systems offline. They were able to restore the systems the next day and announced there was “no evidence that customer data has been accessed”. Following this announcement, on the 19th of October Medibank was contacted by a third party to negotiate a ransom for “200 gigabytes of customer data they said had been stolen from company systems”. On the 25th of October, Medibank announced that all customer data has been compromised in the attack.
Medibank is still investigating how this attack occurred; however, it’s theorised the attackers were able to gain access using fake or compromised user credentials. If you’re an affected customer, we advise keeping up to date with this incident (Updates posted here) as there will be more information released as the investigation progresses.
Data Exposed
Data exposed includes first names and surnames, addresses, dates of birth, Medicare numbers, policy numbers, phone numbers and some claims data. The criminals also claim to have stolen data related to credit cards, but this has not yet been verified.
Who Is at Risk?
Medibank confirmed the criminal entity behind the hack had accessed all Medibank, ahm and international student customers’ personal data and a “significant amount” of health-claims data. Medibank has begun contacting customers that have been affected by this breach. If you know anyone that’s with Medibank, please forward this article to them so they are aware of the situation.
What Now?
If you have been affected by the Medibank Private cyber security incident, ahm customers should contact 13 42 46 and Medibank Private customers 13 23 31.
Medibank has initiated a dedicated cybercrime customer support package to respond to the breach which includes:
- A hardship package to provide financial support for customers who are in a uniquely vulnerable position as a result of this crime, who will be supported on an individual basis.
- Access to Medibank’s mental health and wellbeing support line for all customers, including ahm customers.
- Access to specialist identity protection advice and resources from IDCARE.
- Free identity monitoring services for customers who have had their primary ID compromised.
- Reimbursement of fees for re-issue of identity documents that have been fully compromised in this crime.
You should also:
- Use the ‘Have you been hacked’ web application.
- Contact Medibank for any further information.
- Secure your devices, monitor your devices and accounts for unusual activity, and ensure they have the latest security updates.
- Enable multi-factor authentication for all accounts.
- While passwords have not been exposed, it’s always a good idea to update your online account passwords routinely.
Be alert for scams referencing Medibank Private. Learn how to protect yourself from scams by visiting Scamwatch.
If you are concerned that your identity has been compromised or you have been a victim of a scam, contact your bank immediately and call IDCARE on 1800 595 160.
If you have any questions or concerns regarding the incident, please feel free to contact our IT Support team on +61 (2) 67735000, servicedesk@une.edu.au.
If you haven’t already, we would encourage you to visit the UNE Cyber Security webpage and undertake the UNE Cyber Security Awareness training.
Thank you for your support in helping us maintain the cyber security integrity of UNE.
Sources:
Recent Comments