Hundreds of Australians’ personal information has been leaked online after being stolen from the country’s largest health insurer, Medibank.
Some health claims data, including medical procedure history, as well as names, addresses, birthdates, and government ID numbers, were made public.
PM Anthony Albanese stated that as a Medibank customer, he is concerned that their data may become public.
“This is really tough for people,” he said on Wednesday.
The data of 9.7 million Medibank customers was stolen last month. A sample was released on Wednesday after the insurer refused to pay a ransom.
It comes amid a string of high-profile data breaches in Australia.
The release of private health information can be “distressing and embarrassing”, Australian Federal Police said, warning those whose data is yet to be released are at risk of blackmail.
“Please do not be embarrassed to contact police… if a person contacts you online, by phone or by SMS threatening to release your data unless payment is made,” Assistant Commissioner Justine Gough said.
All customers affected – whether their information has been publicly released or not – are also at risk of phishing scams, she said.
Medibank has apologised for what it has called the “malicious weaponisation” of private information, and promised to work “around the clock” to inform customers whose information has been published.
But Home Affairs Minister Clare O’Neil – who has previously said Australia is “a decade behind” in cybersecurity – has defended Medibank, saying the company followed government advice in not paying the ransom.
The group responsible are “scumbags” and “disgraceful human beings”, she said.
Medibank says the information was obtained after login details allowing access to all its customer data was stolen.
The “criminal” also obtained access to data from its subsidiaries, including ahm insurance. Ahm is a smaller health insurance brand owned by Medibank.
While millions have been affected, the most serious breach was for around 500,000 customers who have had private health information stolen, Medibank said.
But the company has stressed that no credit card or banking details were accessed.
In September Australian telecommunications giant Optus was also targeted for extortion, after the personal data of about 10 million customers was stolen in what the company called a cyber-attack.