
Medibank, Australia’s largest health insurer, announced that it will not pay a ransom to the hacker behind the recent data theft affecting 9.7 million customers.
The company discovered the ransomware attack on October 12 and said that no ransom payment will be made to the threat actors for the data theft. The company noted that based on advice it received from cybercrime experts, the hacker is unlikely to shield and return the stolen information even if the ransom is paid.
The company said it believed that criminals accessed the names, dates of birth, addresses, phone numbers, and email addresses of around 9.7 million current and former customers, including 2.8 million ahm insurance holders and 1.8 million international customers.
Medibank has determined that the hacker also gained access to Medicare numbers for ahm customers, and passport and visa information for international student customers. The hacker did not obtain banking details, primary identity documents, and health claims data for extras services.
“Given the nature of this crime, unfortunately we now believe that all of the customer data accessed could have been taken by the criminal,”, urging customers to be on the alert for any potential leaks.
Medibank said, it will continue to support customers through its Cyber Response Support Program, which includes mental health and wellbeing support, identity protection, and financial hardship measures.
Medibank said it is required by law to keep customer data for seven years or longer when a customer leaves the service
The Medibank incident is only the latest in a string of attacks among corporate Australia over the past few weeks, with telecom giant Optus confirming a breach affecting up to 10 million customer accounts, and Telstra’s third-party suppliers being hacked.