Medibank data breach: what personal data has been accessed?

ABC News

2 years ago

medibank data breach has affected thousands of customers

Medibank has detailed the personal information it believes a cybercriminal has accessed from customers, in its latest update on the hack of the company’s data.

The company believes the personal details of 9.7 million current and former customers were accessed by the criminal.

These current and former customers include 5.1 million Medibank customers, 2.8 ahm customers and 1.9 international customers.

However, what type of personal information may have been accessed depends on whether you are a Medibank, ahm, My Home Hospital patient or international customer.

These differences are detailed below:

Medibank customers

For Medibank customers who are Australian residents, it is believed customer names, dates of birth, addresses, phone numbers and email addresses have been accessed by the criminal.

Other details such as driver licences, Medicare numbers, passport numbers, credit card and banking details were not believed to be accessed for Australian resident Medibank customers.

Medibank believes health claims data, including service provider name and location, what type of medical service was received, and codes related to diagnoses and procedures were accessed for 160,000 Medibank customers.

ahm customers

Medibank believes ahm customers’ names, dates of birth, addresses, phone numbers, email addresses and Medicare numbers have been accessed by the criminal.

ahm customer details that were not believed to have been accessed include: driver licences, passport numbers, credit card and banking details.

International student customers

Medibank believes the criminal has accessed the passport numbers and visa details of international student customers.

The company believes international students’ names, dates of birth, addresses, phone numbers, email addresses have also been accessed by the criminal.

But international student customers’ other details such as driver’s licences, credit card and banking information are not believed to have been accessed.

As many as 20,000 international students’ health claims data, including service provider name and location, what type of medical service was received, and codes related to diagnoses and procedures, are also believed to have been accessed by the criminal.

My Home Hospital

Medibank believes 5200 My Home Hospital patients have had some personal and health claims data accessed as well as the contact details of 2900 next of kin of these patients.

What should customers do?

The company says it will inform customers what data it believes has been accessed or stolen and provide advice on what to do via email, letter or phone and how they should respond.

It has also urged customers to “remain vigilant” as the criminal may publish customer data online or attempt to contact them directly.

Customers have been warned to:

be alert for phishing scams via phone, post or email
verify any communication to ensure it is legitimate
not open texts from unknown or suspicious numbers
change passwords and activate multifactor authentication on online accounts
report scams to Scam Watch.

The company will also continue to update customers on the hack online.

Further support

Medibank has provided services for customers particularly vulnerable or distressed by the breach. The package includes:

a cybercrime health and wellbeing line where customers can speak to counsellors who have experience supporting victims of crime (call 1800 644 325, Medibank international students 1800 887 283 and ahm international students 1800 006 745)
hardship support for customers who are in a uniquely vulnerable position as a result of this crime (call 13 23 41 for Medibank, 13 42 46 for ahm and 1800 081 245 for MHH patients)
access to specialist identity protection advice and resources from IDCARE
free identity monitoring services for customers who have had their primary ID compromised
reimbursement of fees for reissue of identity documents that have been fully compromised in this crime.