On November 9th, 2022, Medibank Private, Australia’s largest health insurance firm, was the victim of a data breach. Russian-speaking cybercriminals were able to access and leak sensitive personal and health data from the company. The hackers then announced, ‘case closed’ and dumped a huge file of customer records on the dark web.
Medibank has confirmed that up to 9.7 million current and former customers may have had their data compromised in this attack. This includes 1.8 million customers who had medical information stolen as well as credit card details, addresses, phone numbers, dates of birth and other identifying information.
The Office of the Australian Information Commissioner (OAIC) has opened an investigation into Medibank’s handling of personal information in this incident. In response to the breach, Medibank has set up a dedicated website to provide advice and support for affected customers.
Australians should be aware that scammers may use this data breach as an opportunity to target victims with phishing emails or SMS messages claiming to be from Medibank or other trusted organisations offering assistance with identity theft protection services or refunds for out-of-pocket losses due to the breach. It is important not to click on any links or respond to these messages without verifying their authenticity first – if you are unsure about a message you have received, contact your bank directly using official contact details listed on their website rather than those provided in the message itself.
It is also important for Australians to remain vigilant against any suspicious activity related to their accounts or personal information following this data breach. If you believe your account may have been compromised or if you receive any unexpected calls or emails asking for personal information such as passwords or credit card details, report it immediately by calling Scamwatch on 1300 795 995 or visiting https://www.scamwatch.gov.au/types-of-scams/recent-scam-activity/medibank-private-data-breach.