CANBERRA, Australia (AP) — A cybercriminal held an Australian health insurer’s customer data, including diagnoses and treatments, for ransom in the country’s second-biggest privacy breach in a month, officials said Thursday.
Trading in Medibank shares has been halted on the Australian Stock Exchange since Wednesday, when police were alerted that the company had been contacted by what it described as a “criminal” who wanted to trade on stolen personal data from …
READ MORE
CANBERRA, Australia (AP) — A cybercriminal held an Australian health insurer’s customer data, including diagnoses and treatments, for ransom in the country’s second-biggest privacy breach in a month, officials said Thursday.
Trading in Medibank shares has been halted on the Australian Stock Exchange since Wednesday, when police were alerted that the company had been contacted by what it described as a “criminal” who wanted to trade on stolen personal data from the clients.
Medibank, which has 3.7 million customers, said Thursday that the criminal had provided a sample of 100 customer policies from an alleged 200-gigabyte loot of stolen data.
The details included client names, addresses, dates of birth, national health care identification numbers and phone numbers.
The cybersecurity minister, Clare O’Neil, said what was most worrying was that diagnostic and medical procedure records had also been stolen.
“Financial crime is a terrible thing. But ultimately a credit card can be replaced,” O’Neil told reporters.
“The threat being made here to make Australians’ private and personal health information available to the public is a doggy act,” he added.
The Medibank breach, which O’Neil described as a “ransomware attack,” came a month after a cyberattack stole the personal data of 9.8 million customers from telecom company Optus.
The Optus breach, which compromised the personal data of more than a third of Australia’s population, prompted the government to propose urgent reforms to privacy laws that would increase penalties for companies that fail to protect customer data and limit the amount of data that can be retained.
O’Neil said cybercrime was a growing problem around the world and Australia needed to be better prepared.
“We’re going to be under essentially relentless cyberattack from now on, and what that means is that we need to do much better as a country to make sure that we’re doing everything we can within organizations to protect customer data and also to protect customers.” citizens do everything they can,” O’Neil told the Australian Broadcasting Corp.
“Combined with Optus, this is a huge wake-up call for the country and it certainly gives the government a very clear mandate to do some things that, frankly, probably should have been done five years ago, but I think are still vitally important.” . he added, referring to reforms to the privacy law that the government hopes to pass through parliament this year.
Medibank Chief Executive David Koczkar said his company was working with specialized cybersecurity firms as well as law enforcement and government experts in response to the breach.
“I apologize unreservedly for this crime perpetrated against our clients, our people and the community at large,” Koczkar said in a statement.
“I know that many will be disappointed with Medibank and I recognize that disappointment,” he added.
Copyright © 2022 . All rights reserved. This website is not intended for users located within the European Economic Area.
