Medibank Group Personal Data Breach (General Discussion)

Has anyone else got an email from Medibank? They've said there has been unusual activity in their network; this means they could potentially have been hacked, right? And customer details leaked?


Information from Medibank's website is as follows

Update at 9.30am – Wednesday, 26 October

Since yesterday’s announcement, our cybercrime investigation has now established that the criminal had access to:

  • All ahm customers’ personal data and significant amounts of health claims data 
  • All international student customers’ personal data and significant amounts of health claims data 
  • All Medibank customers’ personal data and significant amounts of health claims data

As previously advised, we have evidence that the criminal has removed some of this data and it is now likely that the criminal has stolen further personal and health claims data. 

As a result, we expect that the number of affected customers could grow substantially.

Our priority is to continue working to understand the specific data that has been taken for each of our customers so that we can contact them directly to let them know. 

We have a comprehensive support package for customers who have had their data stolen which includes:

  •  Financial support for customers who are in a uniquely vulnerable position as a result of this crime. They will be supported on an individual basis.
  •  Free identity monitoring services for customers who have had their primary ID compromised
  •  Reimbursement of fees for re-issue of identity documents that have been fully compromised in this crime 

And we are offering all customers access to:

  •  Specialist identity protection advice and resources from IDCARE
  •  Medibank's mental health and wellbeing support line

Mod Update: The title of this forum post was "Medibank Group Unusual Activity around Network, Hacked?". It's been updated to reflect the current situation. Category changed to Internet.

Comments

  • Yes, pretty vague language used in their comms but likely they've had a security incident. Atm they're claiming there's evidence that customer data has been accessed or leaked.

    • Oh damn, another data leak, looks like I gotta change my license again!

      • Maybe wait until they confirm exactly what has been leaked, if at all.

  • It's been all over the press for the last 24 hours

  • Hmm.. what was leaked though? Based on my own experience, it is not unusual for business databases to be hacked, especially small businesses. How do I know? I usually use their business name in the email address I use to sign up to their newsletter. If I get spam to that email address, then I can only conclude that the business database has been hacked.

    • Could be serious enough - personal info, health info, insurance claims, etc

  • Yes, I got an email from Medibank yesterday.

  • Well, I got an email from them yesterday informing of the data leak.

    I might as well start using an alias. I managed to dodge the Optus leak, as I am a customer but have not been informed of any of my data being leaked.

  • Got an email from Medibank:
    “I am writing to update you on a new development in relation to the current cyber incident.

    What we know
    Earlier today, we received messages from a group who claim to have removed customer data. We are working urgently to establish if the claim is true, although based on our ongoing forensic investigation we are treating the matter seriously at this time.

    I understand that this may cause you some concern, and I apologise. I want to assure you that the protection of your data remains our priority.

    Our systems have not been encrypted by ransomware, which means usual activities for customers continue. However, our ongoing response to safeguard our networks and systems may require necessary temporary disruptions to our services.”

  • Confirmed they got data from AHM and international foreign student systems.

  • Latest update on Thursday - https://www.medibank.com.au/health-insurance/info/cyber-secu…

    Medibank has been contacted by a criminal claiming to have stolen data and who has provided a sample of records for 100 policies which we believe has come from our ahm health insurance and international student systems. This information includes:

    First names and surnames
    Addresses 
    Dates of birth
    Medicare numbers
    Policy numbers
    Phone numbers 
    Some claims data, including the location of where a customer received medical services and codes relating to their diagnoses and procedures.
    
  • Wednesday, 26 October

    Since yesterday’s announcement, our cybercrime investigation has now established that the criminal had access to:

    All ahm customers’ personal data and significant amounts of health claims data 
    All international student customers’ personal data and significant amounts of health claims data 
    All Medibank customers’ personal data and significant amounts of health claims data
    

    …wonderful

  • They are releasing the information really slow! As if they are completely unaware of the extent of the breach.

  • Merged from Medibank customers - stay or leave

    What can Medibank customers do to protect themselves after cyber attack? Is it wise to change health fund?

    • +4

      So people will know I have night terrors and a problem with buttock implants. That's fine. I'm staying.

    • +2

      My username gives my condition away…so I will also stay.

    • +1

      What can Medibank customers do to protect themselves after cyber attack?

      Look for the recent threads about the Optus hack. Replace the word "Optus" with "Medibank" and you'll have plenty of answers.

    • I don't think we'll change. People knowing that we have bad eyes and bad teeth won't change anything.

    • +8

      Bit late to change - the damage is already done

    • +2

      I got hit with Optus, Energy Australia and Medibank, so I've simply given up on life now.

      • +1

        So what else do you have so we know which companies to avoid.

      • +1

        We are the same…trifecta. We might change if any competitors come up with good sign up deals, but otherwise no real point.

        • I'm on a 13 year old grandfathered corporate policy that is a boatload better than anything on the market today, and it's well, WELL below what a typical policy would cost if I were to take out a new one. So I'm kind of stuck with Medibank for now. I just need to sort out new ID.

    • Annoying as I left them a number of years ago but they still had all my stuff on file :(

    • I'm done by both Optus and Medibank, no point leaving, damage is done. I'm willing to leave if there is a better deal, but not right now.

    • -3

      Who's with them anyway? Overpriced.

    • Looks like you have NOT read the emails Medibank have sent you, as they have the answers to your first question.

      As for moving it's up to you.

    • It's not like Medibank will delete your data even if you leave.

      Personal example: I got a letter from Optus, telling me my details had been leaked. However, I left Optus many years ago (can't remember but definitely more than 8 years ago). Go figure…

      • By law they have to keep it for 7 years. And if you go to another company, what is the chance it won't happen again?

    • The non-physical illnesses are what worries me unfortunately. Few people in my family suffer from disorders which they don't want disclosed to their employers. One of them is a doctor.

    • My debit card got leaked already and used in Amazon UK, 2x charges of $45.31.. I'm not on a big health care plan but I would rather change providers than stay. I'm with AhM.

      • I don't think any credit card info got taken from Medibank. Would they have been gotten from somewhere else, perhaps linked via some info they got from Medibank?

        • No idea but only happened after Medibank hack announcement.. I'm very tech savvy and don't click random links from emails or anything like that.

          • +2

            @easylife: That could just be a coincidence.

            • @avoidfullprice: You could be right, but I'm still unsure as to how it happened.. Anyhow I've since cancelled my debit card and requested a new one. I also got the charges reversed thankfully.

          • @easylife: There are fraudulent payments made using credit cards all the time. I've had to cancel at least one credit card as someone booked a taxi or something in Sydney. It was flagged by my bank and reversed straight away.

    • +1

      The companies that got hacked will probably be the most secure ones going forward as they get full security audits and plug all the security holes.

    • Join the class action, I just saw it on a real tv in a cafe.
      Centennial Lawyers I believe.

      • I will be happy to receive $100,000 from this class action… ah, I can dream.

  • What would you pay to find someone that you don't know's health?
    No one gives a phuck.

    They're trying to pull heart strings to get money.
    That's what a piece of shit does.
    That is all a hacker is.

    • +1

      Don't forget to direct some of that anger to the incompetent person contracted by Medibank, who failed to secure their credentials.

      As far as I've heard this breach wasn't a "break in" where hackers stay up all night bashing their keyboards while Matrix-style code falls down the screen. It sounds like someone was low-level duped, or otherwise failed to secure their login details. The obvious 2-factor question was asked by an ABC journo, and the Medibank boss basically dodged the question and replied with damage-control speak.

      • And the government needs their share of the blame. Because Medibank are an insurance company, they are strictly regulated - see CPG 234 here. APRA inspects all of its regulated entities and imposes conditions and penalties for failures to comply, so it's almost inconceivable that someone in APRA hadn't signed off on Medibank's security practices.

        • Yes that's true also. The processes and security standard baselines need to be strictly enforced and audits made available regularly.

  • Too bad that there hasn't been an outrage like with Optus. Medibank has been very slow to provide updates.

    • +2

      Not sure what you're talking about. There's been plenty of outrage and media attention. Not enough? You want more outrage? LOL

      • I feel like when it happened with Optus it was all over the news and now only 1 or 2 articles about it.

  • Who made it to the naughty or good list?

    • Plus, from this morning, there also looks to be an 'additional' list.
      It seems inevitable that all of our records will eventually make it into the public domain. Though I doubt any of my records will be of interest to anyone, these developments mean that all of the past Medibank offers no longer look like a bargain and I'm wishing that I hadn't switched.

  • Someone seems to have set up a HIBP-style website based on the files available from the hackers' blog.

    https://medibank.club/

    I've no idea who the developer is, but based on the discussion on Whirlpool, it seems to be safe.

  • Well they’re releasing more data.

    By not paying the ransom Medibank are just hurting themselves. I’ll be leaving to HCF and all their customers should do the same. Let’s hope other companies have stronger cybersecurity standards…

    • I wouldn’t guarantee that they have stronger security. MediBank should not pay the ransom, there is no guarantee these guys wouldn’t take the money and then demand more later on. Blackmailers are known to do this.

      Frankly, MediBank Security will probably end up with better security than the other funds.

      • I agree there’s no guarantee, but by not paying the ransom it’s guaranteed they’ll leak the data.

        People say that advice is to not pay ransoms but that basically lets the company off scot-free whilst the consumer is guaranteed to have their data leaked. The CEO has been saying these hackers are scumbag criminals, I would say the exact same thing about Medibank, they’re scumbags because they didn’t take the right steps to protect their customer data.

        In this case I think it’s much better to give the hackers the benefit of the doubt, if after they get the ransom they still leak the data well at least Medibank can be seen to have tried to do something about it.

        These breaches are a wake up call to all Australian organisations, I wouldn’t say that other companies like Telstra, HCF, Qantas etc. aren’t already trying to shore up their cyber practices after these leaks. Medibank might eventually have better security but it’s frankly too little too late for the millions of customers that have had their data leaked.

        • We will just have to disagree on that. The more you pay them the more likely they are to do over some other company. If people didn’t pay then these people wouldn’t do it. I think what MediBank has shown is they will take the hard option. If they’d paid them the customers would’ve just been waiting for the data to be released anyway.

          MediBank, certainly, have done the wrong thing but that doesn’t mean the hackers aren’t scumbag criminals. If I left my door unlocked I’d still be pretty pissed off if someone came in and stole all my stuff.

          I do agree the breaches are a wake up call to all Australian companies. They need to put security over profit and convenience.

          • +2

            @try2bhelpful: Of course they will do over other companies, they will do that regardless of payment or not. They want the clout, the notoriety. An established group aren't going to screw themselves over by getting millions of dollars and then releasing the data mainstream. Then the next organisation would not even consider paying.

            Of course these people are scumbag criminals, but Medibank are scumbag corporate.

            Medibank didn't even try to negotiate, they probably could have got it for half the amount.
            They should have paid.

            • +1

              @Fybre: You don’t negotiate with blackmailers. Period. There is no guarantee these guys won’t come back for more money. How do you know these guys are “main stream”? People have no idea on what will happen to their data even if the ransom was paid. This is painful but it is certainly. Right now this would hang over people for the rest of their lives anyway.

      • I guess I just want to play devil’s advocate and think the other way to what is considered to be “best practice” or something along those lines. Should we automatically listen to what the ACSC say just because they’re the ACSC, considering these attacks are somewhat nascent in Australia (that we know of anyway)? What would happen if the hackers were paid, and they say they deleted the data, no more data leaked and then everything was fine? I would say it’s certainly possible.

        Alastair MacGibbon, the chief strategy officer at CyberCX said that companies shouldn’t rule out payment as a blanket response to these sort of ransomware attacks (from ABC Q+A).

        Not paying the ransom guarantees the data will be leaked. I think as humans we all need to assume positive intent in general and more often, instead of automatically going down the route of “well if we give them what they want, they of course will still leak the data anyway”.

        As a customer of Medibank I would appreciate them more if I saw them actually trying to fix the problem instead of constantly blaming these “scumbag hackers doing a dog act” acting like they’re the victims when in fact it’s their millions of customers who are victims of their laziness and blasé attitude toward their cybersecurity practices. As I said, they are basically getting off scot-free by acting like a victim, unless of course a class action lawsuit is put against them (and I hope one is).

        • It's because we assume "positive intent in general", the data got stolen. Software developers should always code defensively, as they should assume most people are scumbags trying to break the system.

          I agree that it's definitely Medibank's fault, and all companies with online presence should really shield up & audit their system if they want the trust from average consumers. However paying ransom is basically funding the criminal group. May/may not stop the hackers from releasing the private data, but will definitely give them more resources to attack other systems.

          • @scotty: Assuming positive intent doesn't mean we should all go around posting our bank logins and passwords on the internet or that companies should advertise that their systems are wide open for attack. In this context it is just to ask "well what if these guys do actually delete the data after we pay them?" instead of "they will definitely still leak the data because the ACSC says so."

            If Medibank are staring down the barrel of a multimillion dollar class action law suit, the threat of customers leaving en masse, sensitive data about millions of Australians being leaked etc. I would say the decision is not that simple and the decision shouldn't be justified by simply saying "well that's what the ACSC said to do", but it's clear to me the CEO and the board likely haven't bothered to consider these factors.

            It's very possible that by not paying Medibank will lose a lot more than the amount of ransom requested. I would have no issue if in 5 years' time Medibank ceased to exist. As I mentioned I'll be leaving to HCF (my dentist recommends them and says they cover costs 100% compared to Mediwank).

  • +1

    This is just horrible. They sent so many emails out and still didn't do anything. They even provided a BS reason to not pay the ransom.

    • +1

      I agree. It might be weird but I feel like I trust the hackers more than Medibank. So far, it has just been all business talk with Medibank. The hackers' communication has been clear and they act according to what they promise

      • You trust people who break into an organisation and steal people's data, demand money and then release the data out onto the internet? This isn’t a video game. Whatever MediBank may have lacked in security these scum bags are the criminals here. I hope they catch them and they go to jail for a, very, long time.

      • Everything the CEO has said has been absolute fluff. Complete zero value add to the situation. I would actually respect him more if he just kept his fat gob zipped up.

        • Do you think that maybe behind the scenes they HAVE actually paid the ransom but are playing it cool for the media?

          Just so that in future, hacker groups don't bother because a ransom won't be paid (so they think).

          • @montorola: That’s an interesting suggestion. I reckon they haven’t actually paid since some data has been leaked.

  • So I got an email confirming my data was taken — name, bday, address, email, mob, Medicare.

    Most of these I can’t change. Except Medicare. What are you guys doing?

    • +1

      What are you guys doing?

      The answer is obviously nothing. They just sit there wanking at their desks all day.

  • +1

    My Velocity account has been suspended due to this cyber attack, waiting for further instruction from Velocity to activate the new account.

  • There is not actually much we can do to prevent loss of data other than to train businesses more effectively. This costs way too much money and even when you are employing people you don't know whether they are security conscious…

    I do believe we can do more to fix the cybersecurity issues in Australia which would include creating a red team in the DSD and getting them to do free penetration testing for businesses. The problem is even if we uncover those vulnerable computers, the law probably cannot force them to upgrade. Maybe we need to change the laws to compel bosses to invest more into cybersecurity, maybe with the condition that a vulnerability has been discovered by the DSD or something.

    You won't believe how many businesses are still using unpatched Windows 7. Most bosses will also not listen to your concerns about cybersecurity and unless your job description is related to cybersecurity, fat chance you will be able to prevent attacks. I know I had a hell of a hard time, and the only real change I managed to action and squeeze through was to upgrade the OS to Windows 10. This buys them a few years of security updates, but it isn't really enough.

    I hear the media stating we can just attack the hackers. I do not think it is that easy. Hell, when the firm I worked at was attacked, I was helpless because I wasn't the weakest link. Apparently the boss just sent money to the hackers. I did not even have a say in how this happened. It was not until we had someone calling in on the phone asking where their money was did I realise we got pwned. How the heck do we fight back? We can't. We can scream and rally support in the public but damn, shit just happens.

    We also need to change the laws so White Hat Hackers are given more leeway to help. At the moment, I'm not going to be able to go out there and help. It's a bit messed up.

  • -1

    Does anyone know how to access the leaked data? Would like to check what data is out there relating to people I know who are with medibank

    • -1

      Get Tor and find the leak released on their 'Happy Blog'.

      • +2

        ta found it

    • Flooding on Reddit

  • -1

    Agree with what is mentioned in this article. Medibank could have a massive bill on their hands if a class action lawsuit goes through. By paying the hackers they could very well have saved themselves a lot of money, i.e. pay a $9.7m ransom vs paying $700m in a class action lmao.

    As I said, CEO is an idiot and seems to be only considering the “don’t pay” advice whispered in his ear from the ACSC and not actually using his CEO brain to think about what is best for the customers and the business.

    Can bypass paywall by hitting escape before the page loads fully.

    I’ve registered interest for both the Maurice Blackburn and Centennial Lawyers/Bannister class actions and I encourage everyone else to do so. Let’s destroy Medibank!

  • Well, as we all knew would happen, all the data has been leaked now because the CEO and ACSC seem to think we’re in some sort of Hollywood movie where some kind of protagonist will come in to save the day at the last minute. Sadly we do not live in a Hollywood movie, and the hackers have done as they said they would.

    I heard on the radio the government will now try to flag anyone whose info has been leaked. Privatise profits, socialise losses.

    I myself have signed up for updates on the Maurice Blackburn class action lawsuit, others should do the same. I hope Medibank lose a lot more money than they would have if they had simply paid the ransom (or part of it, like $5 million). Great example of what NOT to do when it comes to having your data held at ransom.

    • Are there several providers doing the class actions? I signed up with Bannister Law. Can I sign up with both?

      • Yeah so Maurice Blackburn and Bannister Law + Centennial are looking into it.

        I signed up to both but mainly getting emails from Maurice Blackburn unless I’ve missed some.

        • Thanks! Will sign up to the other as well.

          • +2

            @Cherry12: The next best thing you can do is just end your services with Medibank and go elsewhere.

            Don’t give those bastards any more of your money. The company should wither and die off after their lack of governance on this issue.

  • Beautiful, apparently Aussie Cossack rates a mention too. lol.

    I guess he wasn't bluffing that he had contact with the adversaries. (honestly thought he was. lol.)

    Clown World!

  • Merged from Details hacked by medibank, how to access dark web?

    It's confirmed, I am one of the medibank victims.

    Does anyone know how to access the dark web and also how I might be able to buy my own details?

    • +2

      … you're kidding, right?

      • 😂😂 50/50

        • If you know, you know. Don't go looking for it. The data you find can be fake and do more damage with malware. Watch out for phishing email scams, SMS scams with links and random phone calls from scammers offering things like identity theft protection, compensation and wanting to gain remote access to your devices.

          Medibank Private data breach

    • +3

      To access the dark web you need to click Ctrl+Shift+N while in Chrome.

  • I've received this link from AHM, should I be concerned?
    Has anyone proceeded with the IDCARE and can advise what happens next?
    https://help.ahm.com.au/hc/en-us/articles/5855156322319-Cybe…

    • I haven't received any link. I'm with Medibank.

      Did you get an email to specify which documents/data were hacked? I got it awhile ago.

      • Yes I did, they also sent me an SMS with a code last week, and that code referred to the link I sent above.
