Get more with myNEWS
A personalised news feed of stories that matter to you
Learn more
Australian health insurer Medibank is being extorted for customers’ data in the nation’s second major cybersecurity breach in a month. Photo: AP

Hackers threaten to leak Australian celebrities’ health data stolen from Medibank

  • The private health insurer said hackers were claiming to have stolen 200 gigabytes of data and demanded a ransom
  • The government described the breach as a ‘huge wake-up call for the country’

Hackers have threatened to leak the stolen health data of 1,000 famous Australians in a cybersecurity incident described by the government on Thursday as a “huge wake-up call”.

Medibank, one of Australia’s largest private health insurers, said on Thursday that the hackers were claiming to have stolen 200 gigabytes of data.

“The criminal has provided a sample of records for 100 policies,” it said in a statement to the Australian stock market.

“This claims data includes the location of where a customer received medical services, and codes relating to their diagnosis and procedures.”

The insurer announced a trading halt as details of the hack emerged on Wednesday morning.

The hackers threatened to leak or sell the data, starting with 1,000 high-profile Australians, unless Medibank paid a ransom.

Data hack in Australia could cost SingTel US$400 million in profits

The company did not say how many of its 4 million customers were likely to have been affected but warned the number was likely to rise. The Australian Federal Police said they had opened an investigation into the breach, without commenting further.

The personal information of some nine million Australians – almost a third of the population – was exposed last month in a hack targeting telecoms company Optus.

The Optus hack was one of largest data breaches in Australian history.

Home Affairs Minister Clare O’Neil said on Thursday that cybersecurity could no longer be taken for granted.

“Combined with Optus, this is a huge wake-up call for the country,” she told ABC Radio.

“This is the new world that we live in. We are going to be under relentless cyberattack, essentially from here on in.”

The Optus hack was one of largest data breaches in Australian history. Photo: Reuters

Cybersecurity experts said it was unclear whether the data breach disclosures were related, given the varied nature of the attacks, but the publicity generated by the Optus attack may have drawn attention in hacker networks.

“When you do have a highly visible breach like Optus in Australia out there, hackers take notice of that and go ‘maybe I’ll have a go down there and see what I can get away with,’” said Jeremy Kirk, executive editor at Information Security Media Group, a cybersecurity specialist publication.

Larger Optus rival Telstra Corp Ltd has disclosed a small breach of employee data, while No. 1 grocery chain Woolworths Group Ltd said an unidentified party gained unauthorised access to the customer database of a bargain website used by 2.2 million shoppers.

Additional reporting by Reuters