Cyber Security News

Involved in the Medibank data breach? [news]

More than 10 million Australians had their private medical information leaked onto the dark web in October 2022 following an unsuccessful attempt to extort money from Medibank.

In the world of cyber security, this is known as a ransomware attack.

Cyber thieves managed to penetrate Medibanks digital ecosystem and steal vast amounts of sensitive data.

They then shared a small amount of the stolen data with Medibank (to prove they had indeed managed to breach their systems) and demanded money (the ransom) or they would release the data onto the dark web.

The Australian Federal Police believe that those responsible for this cybercrime are in Russia and are actively pursuing that line of inquiry.

But that doesn't help those Medibank clients who have been a victim of this data breach.

What Data Was Stolen?

Let's start with what has actually been stolen and shared on the dark web.

It is reported by Medibank that these cyber criminals accessed personally identifiable information including:

  1. Name
  2. Date of birth
  3. Address
  4. Phone number
  5. Email address
  6. Medicare numbers (but not expiry dates)
  7. Visa details for international clients
  8. Health claim data
  9. Next of kin details
  10. Health provider details

On the dark web, stolen data such as this is highly valuable to other cybercriminals who can exploit it in future attacks for financial gain.

What should victims do?

Remaining vigilant with all online communications and transactions is the most practical way victims of this cyber attack can minimise their exposure.

  • Staying alert for phishing scams via phone calls, snail mail, or email
  • Double-checking that all inbound communications are legitimate
  • Being hyper-cautious and not opening texts from unknown or suspicious numbers
  • Changing passwords immediately (and regularly) with long, complex versions, not re-using passwords, and, whenever available, activating multi-factor authentications on all online accounts

These are of course considered 'best practice' anyway regardless if you have been caught up in the Medibank breach.

Medibank is continuing to support those who have been impacted by this crime through its Cyber Response Support Program.

This includes mental health and well-being support, identity protection, and financial hardship measures.

If you are concerned, please reach out for support: