The personal data of hundreds of Australians has been posted online after the country’s biggest health insurer Medibank was stolen.
Some health claims data with names, addresses, dates of birth and government identification numbers – including dates of medical procedures – were released.
PM Anthony Albany said that as a Medibank customer he was among those whose data could be made public.
“It’s really hard for people,” he said Wednesday.
Data of 9.7 million Medibank customers was stolen last month. A specimen was released on Wednesday after the insurance company refused to pay the ransom.
It comes amid a series of high-profile data breaches in Australia.
The Australian Federal Police said the release of private health information could be “disturbing and embarrassing”, warning people whose data has yet to be released are at risk of blackmail.
Assistant Commissioner Justin Gow said, “Please don’t be shy about contacting the police… if someone contacts you online, by phone or by SMS and threatens to release your data unless you pay up. Not to be done,” said Assistant Commissioner Justin Gow.
All affected consumers — whether their information is publicly released or not — are also vulnerable to phishing scams, he said.
Medibank apologized for what it called the “malicious weaponization” of private information, and promised it would work “around the clock” to notify customers whose information was published. have been done.
But Home Affairs Minister Claire O’Neill – who has previously said Australia is “a decade behind” in cyber security – defended Medibank, saying the company followed government advice in not paying the ransom.
He said the groups responsible were “compags” and “disgraceful human beings”.
According to local media reports, the stolen Medibank data was posted on a blog linked to the Russian ransomware group REvil. The blog post says more data will be posted soon.
Medibank says the information was obtained after logging in details allowing access to all its customers’ data.
The “criminal” accessed data from its subsidiaries, including ahm insurance. Ahm is a small health insurance brand owned by Medibank.
While millions were affected, the most serious breach was for nearly 500,000 customers whose private health information was stolen, Medibank said.
But the company has stressed that no credit card or banking details were accessed.
In September, Australian telecommunications company Optus was also targeted for extortion, after the personal data of nearly 10 million customers was stolen in what the company called a cyber attack.
