Australian insurance company Medibank has made a public statement after being contacted by a malicious party claiming to have customer data and wanting a ransom for its deletion.
The initial cyber security incident occurred on October 13, when Medibank detected some “unusual activity” on its internal systems. After dealing with the cyber-attack, Medibank said in a statement that there was “no evidence that customer data has been accessed” during the breach.
Medibank was then contacted on October 17 by the malicious party, who aimed to “negotiate with the company regarding their alleged removal of customer data”. Medibank has not confirmed what data the supposed hackers claim to have, only saying that as an insurance and healthcare company, it possesses “a range of necessary personal information of customers”. The insurer said it is working to verify these claims, and based on its “ongoing forensic investigation” it is treating the potential cyber security incident “seriously”.
According to The Sydney Morning Herald, which claims to have seen the ransom note, the malicious party is threatening to sell 200GB worth of confidential data if its demands are not met. The group threatened to release the data of Medibank’s “1k most [prominent] media persons”, which includes “[those with the] most [social media] followers, politicians, actors, bloggers, LGBT activists [and] drug addicted people” as well as people with “very interesting diagnoses”.
As a result of the attempted ransom and to ensure it meets its continuous disclosure obligations, Medibank has called a trading halt, which will continue until further notice. The company has also engaged “specialist cyber security firms” and has alerted the Australian Cyber Security Centre (ACSC).
Medibank CEO David Koczkar said of the potential data breach: “I apologize and understand this latest distressing update will concern our customers. We have always said that we will prioritize responding to this matter as transparently as possible. Our team has been working around the clock since we first discovered the unusual activity on our systems, and we will not stop doing that now. We will continue to take decisive action to protect Medibank customers, our people and other stakeholders.”
Medibank noted that as its internal systems had not been encrypted by ransomware, normal operations can continue, although they may be affected by the ongoing investigation into the hacking claims.