The health insurer Medibank Private says data was stolen during last week’s cyber attack. A new statement released to the ASX said a criminal claims to have stolen 200 gigabytes (GB) of data including customer names, addresses, dates of birth, Medicare numbers, policy numbers, phone numbers and some claims data.
The statement also said the criminal claims to have stolen credit card security information but Medibank said that has not yet been verified.
“I unreservedly apologise for this crime which has been perpetrated against our customers, our people and the broader community,” said CEO David Koczkar. “I know that many will be disappointed with Medibank and I acknowledge that disappointment.”
Koczkar said the cybercrime is now under investigation by the Australian Federal Police.
The Medibank statement said the criminal provided a sample of records for 100 policies which they believe came from the firm’s ahm and international student systems. The stolen claims data, the statement said, includes the location where customers received medical services and codes relating to their diagnosis and procedures.
Medibank said it has started making direct contact with affected customers to provide support and guidance. To reduce wait times, the private insurer has redeployed staff to new cyber response hotlines in its call centres.
“We will learn from this incident and will share our learnings with others,” said Koczkar. “Medibank will remain open and transparent and will continue to provide comprehensive updates as often as we can and need to.”
Medibank also announced a trading halt in its shares until further notice.