Australia’s biggest health insurer Medibank hacked; hackers stole data of 9.7 million customers
Australia’s biggest health insurer Medibank becomes the latest victim of a cyberattack in a series of data breaches that plagued the country in the last two months. Medibank announced Monday that the health data of around 9.7 million current and former customers’ data was compromised. The company refused to pay ransom to the criminal responsible for the data theft.
Medibank confirmed that names, dates of birth, address, phone number, and email addresses of around 9.7 million current and former customers were accessed in the data theft, Reuters reported. Medibank warned its customers must be vigilant about the potential of cybercriminals selling their personal health information on the dark web or attempting to contact them directly for extortion.
“Based on the extensive advice we have received from cybercrime experts we believe there is only a limited chance paying a ransom would ensure the return of our customers’ data and prevent it from being published,” Medibank CEO David Koczkar said.
Koczkar said that paying a ransom could encourage the hacker to extort customers directly and hurt more people.
Last month, two Australian companies, Woolworths and Optus were hacked. Australia’s Woolworths suffered a major data breach after hackers stole the personal data of 2.2 million users from its MyDeal website. Australia’s second-largest telco Optus said that hackers stole the personal details of up to 10 million customers in a “sophisticated” hack, but added no corporate clients were compromised.
Data breach incidents have increased in recent months. Two days ago, Rockstar parent company Take-Two Interactive Software was hacked, as hackers targeted 2K Games Support urging users to download malware. Take-Two said that a hacker had gained access to the help desk platform of its unit 2K Games and sent a malicious link to certain customers.
The cost of a data breach continues to skyrocket. According to a recent IBM study conducted by the Ponemon Institute, data breaches cost American companies on average more than $8 million per incident, with big breaches (more than 50 million records) costing $388 million.
Many of the biggest breaches are the result of a shift in how the increasingly digitized economy operates. As companies have embraced the cloud, data is no longer stored in electronic fortresses. As we reported a year ago, most cloud-related data breaches were caused by cloud misconfigurations, which now cost enterprises nearly $5 trillion.