News

Holy Hell, The Medibank Data Leak Is Much, Much Worse Than The Optus Hack

Every single current Medibank customer has reportedly been affected, totalling over 4 million people.

by Charles Rushforth 26 October 2022

Want more Junkee in your life? Sign up to our newsletter, and follow us on Instagram, Twitter and Facebook so you always know where to find us.

Just weeks after the historic Optus hack that affected over 3 million Australians dominated headlines, you’d be forgiven if you didn’t notice insurance provider Medibank quietly admitting they’d noticed some “unusual” activity in their digital infrastructure.

Well, today the private health insurance company has finally revealed the shocking extent of the breach to its customers following the recent cyberattack on the business, and hoo boy, it’s a doozy.

In a statement, Medibank confirmed that hackers have obtained the details of all 4 million current customers, with information like names, phone numbers, and physical addresses along with sensitive information pertaining to medical claim history being stolen by the hackers.

The Medibank data breach goes from bad to VERY bad: this morning it now says the attacker had access to all personal data and “significant amounts” of claims data across ahm, its international student product & Medibank. How much was extracted from this access still not clear. pic.twitter.com/oSPEwq96F1

— Ariel Bogle (@arielbogle) October 25, 2022

While Medibank initially reassured customers that there was “no evidence” any sensitive data was accessed when the hack was first detected on October 12, the company later confirmed that over 200 gigabytes of customer data had been stolen after an individual contacted the company claiming responsibility for the cyberattack.

As reported by Nine, hackers allegedly sought an unspecified payment for the return of the customer data, while threatening to release the details of 1000 high-profile customers including actors and politicians if the demands were not met.

Ironically for an insurance company, the ABC reported that Medibank wasn’t insured in the event of a cyberattack, meaning that financial consequences could be dire.

Medibank Private – in the midst of a massive cyberattack – confirms it had no cyber insurance. Analysts and journalist wondering why are told reasons include “cost, coverage and ability to make a claim”. Something insurers model their business models around @abcnews @medibank

— Peter Ryan OAM (@Peter_F_Ryan) October 26, 2022

Look, I think it’s fair to say that none of us expected Optus’s historic data leak to be eclipsed so quickly. Have we unwillingly entered a new golden age of piracy?

Considering that keyboard trolls are seemingly capable of causing the amount same financial damage that seasoned swashbucklers wreaked plundering shipping lanes in the 1700s, I’d say “you best start believin‘ in data leaks, cause you’re in one”.