(Reuters) – Australia’s Medibank Private Ltd said on Thursday a criminal had proved it had the personal and medical information of 100 of the health insurer’s customers, and the company warned that even more customers could be affected.
The criminal claims to have 200 gigabytes of data –– including customer names, contact details, Medicare and policy numbers and some claims data such as on diagnosis and procedures –– that Medibank said it believes, based on the proof, was from its systems.
The criminal also claims to have stolen other information, including data related to credit card security, which Medibank said it had not yet verified.
The update comes a day after the Melbourne-based company said a “hacker group” had been in contact to negotiate about customer data it claimed to have retrieved.
The Australian Federal Police is investigating the case, while Medibank is also working with cyber security firms, the Australian Cyber Security Centre (ACSC) and other government authorities.
The incident is the latest in a spate of cyber breaches reported by Australian companies recently, including one of the biggest cyber breach attacks faced by mobile operator Optus late last month.