Medibank, a private health insurer in Australia with 3.7 million customers, has confirmed today it is the latest business down under to fall victim to a digital break-in.
In a brief statement, the company confirmed it had yanked the ahm and international student policy systems offline, “and we are in the process of methodically and safety restarting systems.”
“The work we have done today continues to show no evidence that customer data has been accessed, however our investigation is ongoing,” Medibank added.
Lines of communication were opened over the course of today with the Australian Cyber Security Centre, APRA, the Office of Australian Information Commissioner, Private Health Ombudsman, the Department of Health and the Department of Home Affairs, the company said.
“We have begun the process of contacting our customers and our focus remains on ensuring the ongoing security of our customers, employees and stakeholders and the continued delivery of Medibank services.”
Medibank – which provides insurance coverage for accident, hospital time, optical health, dental work, and more – didn’t explain how the criminals gained access to its network, how long they were there or anything else related.
The attack follows burglaries at several Singtel-owned enterprises. In late September, Aussie telco subsidiary Optus confirmed unauthorized access had exposed a raft of information including names, dates of birth, phone numbers, email addresses, and more. For some customers, the data trove also included passport details and account passwords.
Of Optus’s 9.8 million customers, some 1.2 million had a current and valid form of ID compromised and 900,000 had records relating to expired IT or personal data. The Australian Federal Police is working with the FBI to unearth the crew behind the breach.
The attack on Optus will be probed by two regulators, the Australian Communications and Media Authority and the Office of the Australian Information Commissioner.
This week, Singtel’s Dialog consulting division confirmed it had also spotted intruders accessing its servers in September and shut down certain systems as a precaution. Data on fewer than 20 clients and 1,000 employees was potentially accessed. ®