Security News > 2022 > October > Health insurer's infosec incident diagnosis goes from 'take a chill pill' to emergency ward

Australian health insurer Medibank has revealed it's been contacted by a group that claims to have its customers' data and is threatening to distribute it.

Today Medibank Group has received messages from a group that wishes to negotiate with the company regarding their alleged removal of customer data.

Australian media report that whoever contacted Medibank has threatened to email personal data to people on the database, to prove they possess data describing the insurer's customers.

If Medibank doesn't discuss payment to prevent wider release, the alleged attackers say they'll sell the data they lifted.

The escalation of the incident comes after Singapore-owned Australian telco Optus leaked nearly ten million records and earned plenty of anger for an inconsistent and unempathetic response.

Between the Medibank breach, the Optus hack, and some smaller incidents, infosec has dominated Australia's news cycle for almost a month.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/10/20/medibank_data_breach_worsens/