Australia's Largest Insurance Company Won't Pay Ransom Although 9 Million Customer Data Were Hacked

Medibank Private Ltd, will not pay the ransom to hackers. (photo: Twitter @medibank)

JAKARTA - Medibank Private Ltd, Australia's largest health insurance company, on Monday 7 November said no ransom payments would be made to criminals responsible for the recent data theft. In the hack, about 9.7 million customer and former customer data have been compromised by hackers.

Highlighting the findings of the company's investigation to date, Medibank confirmed that names, dates of birth, addresses, phone numbers and email addresses for approximately 9.7 million current and former customers were accessed in the data theft.

Cybersecurity concerns in Australia have risen sharply in recent times, with government reports showing one attack every seven minutes.

"Based on the extensive advice we have received from cybercrime experts, we believe there is only a limited possibility of paying the ransom to ensure the return of our customer data and prevent it from being published," said Medibank CEO David Koczkar.

Koczkar added that paying the ransom could encourage hackers to blackmail customers directly, injuring more people. The insurance company reiterated that business operations remained normal during the cyberattack, with customers continuing to access healthcare services.

Medibank warns its customers to be extra vigilant as criminals can leak data online or try to contact customers directly.

The Australian company has also seen a string of hacking attacks in just the last few weeks, while its Singapore Telecommunications unit Optus has revealed breaches of up to 10 million customer accounts, and Woolworths revealed the data of millions of customers using a compromised cheap shopping website.

Medibank said it would commission an external review to learn from cyberattacks while expanding its Cyber ​​Response Support Program.