Medibank Refuses To Pay Hackers Ransom
Medibank has refused to pay a ransom to the cybercriminals who stole the private information of 9.7million current and former customers last month.
The health insurer on Monday revealed the details of nearly 10million customers had been accessed in the major data breach, including information like names, date of birth, phone number and email addresses.
Medibank CEO David Koczkar said after speaking with cybercrime experts the company had decided not to pay the criminals responsible any ransom money.
'Based on the extensive advice we have received from cybercrime experts we believe there is only a limited chance paying a ransom would ensure the return of our customers' data and prevent it from being published,' he said on Monday.
Medibank has refused to pay a ransom to the mysterious hackers who stole the private information of 9.7million of their customers last month (pictured, a Medibank in Sydney)
The health insurer revealed the details of nearly 10million customers had been accessed in the major data breach last month, including information like names, date of birth, phone number and email addresses (pictured, a Medibank in Canberra)
Mr Koczkar said paying a ransom to the cybercriminals would encourage them to contact customers and extort them directly.
'In fact, paying could have the opposite effect and encourage the criminal to directly extort our customers, and there is a strong chance that paying puts more people in harm's way by making Australia a bigger target,' he said.
Pictured: Medibank CEO David Koczkar
'It is for these reasons we have decided we will not pay a ransom for this event.'
Medibank said the number of customers who have had their basic customer information accessed was 9.7million, while the number of people whose private health information has been accessed was less than 500,000.
This includes 160,000 Medibank customers, 300,000 customers from the ahm brand and about 20,000 international customers.
Personal details include service provider name and location, diagnosis and procedure codes, and the locations where Medibank customers have received specific medical procedures.
Of the 9.7million customers who have had their personal information breached, this includes 5.1million Medibank customers, https://www.cruisewhat.com/tocaya-organica-nutritional-information/ 2.8million ahm customers and 1.8million international customers.
Last month, the Medibank cybercriminals threatened to release 200GB of confidential data as well as the private records of the companies 1,000 most famous customers
Australia's biggest health insurer has reiterated that business operations remain normal and that no credit card details have been accessed.
Last month, the cybercriminals threatened to release 200GB of confidential data as well as the private records of the companies 1,000 most famous customers.
RELATED ARTICLES
Share this article
Share
Mr Koczkar has 'unreservedly' apologised for the breach and said Medibank would work closely with the Australian Federal Police as investigations continue.
'This is a malicious attack that has been committed by criminals with a view of causing maximum fear and damage, especially to the most vulnerable members of our community,' he said last month.
The data breach at Medibank follows a similar attack on telecommunication company Optus where the personal details of up to 10million were exposed (stock image)
Cybersecurity Minister Clare O'Neil has said the federal government is against companies paying cybercrime payments but admitted it is not illegal.
'The formal advice of the Australian Government is don't pay ransoms,' she said.
'These people are hard criminals and they are dishonest.
They'll tell you all sorts of things about what will happen in the aftermath of paying a ransom and by nature these people are liars and we suggest not co-operating with them.'
The data breach at Medibank follows a similar attack on telecommunication company Optus where the personal details of up to 10million were exposed.
Telstra also revealed a data breach last month in which 30,000 current and former staff had their names and emails posted online.
adverts.addToArray({"pos":"inread_player"})Advertisement