Hacker accessed data of 9.7M customers Medibank says, refuses to pay ransom

Australia’s biggest health insurer, Medibank Private Ltd, said no ransom payment will be made to the cybercriminal responsible for recent data theft, wherein nearly 9.7 million current and former customers’ data was compromised.

Highlighting findings of the company’s investigation to date, the insurer confirmed that the name, addresses, dates of birth, phone numbers, and email addresses of nearly 9.7 million existing and former customers were accessed through the data theft.

Cyber security issues in Australia have seen a sharp rise in recent times, with an Australian government report suggesting there is one attack every 7 minutes.

David Koczkar, Medibank’s CEO said that based on the extensive advice the company received from cybercrime experts led them to believe there was only a limited chance paying a ransom would ensure the return of customer data and prevent it from being published.

Koczkar added that paying a ransom could encourage the cybercriminal to extort customers directly, hurting more people. Medibank reiterated that business operations remained normal during the time of the cyberattack, with customers continuing to access health services.

Corporate Australia has seen a string of attacks in just the last couple of weeks, with Woolworths revealing that the data of millions of customers using its bargain shopping website had been compromised and Singapore Telecommunications’ unit Optus disclosing a breach of almost 10 million customer accounts.