Medibank confirmed that the personal details of 900 current and former staff members have now been implicated in the insurer’s cyber-attack, raising fears of highly targeted scam attacks.

The file, released by Russia-based hackers, includes an Excel spreadsheet containing names, email addresses, mobile phone numbers and “device information” such as staff phones.

The insurer said it has received advice from experts who say the risk to staff is low, but could result in highly targeted spam known as “spearfishing”.

The alleged Medibank hacker released a sample of user data obtained in the cyberattack on the healthcare giant on Wednesday, November 9, 2022. (Composite)

“The files released by the criminal include an Excel spreadsheet of approximately 900 current and former employees – including their name, email address, their mobile phone numbers and device information including asset number and phone name (serial number and IMEI number),” a Medibank spokesman said.

“While security experts have told us the security risk is low, the information could be used to ramp up spam such as spearfishing.”

As one of Australia's largest health insurance providers, Medibank holds information including intimate medical records
As one of Australia’s largest health insurance providers, Medibank holds information including intimate medical records (AdobeStock)

Medibank said they are taking a number of steps to protect affected employees.

“A hacker will not be able to use the information to access people’s phone data or remotely hack their phone. We have also taken steps through our telecom provider to block porting of phone numbers for Medibank devices” the spokesman said.

“We have offered our employees and former employees the opportunity to change their mobile number at no cost to them.

“We also have a dedicated on-call psychologist available.

“For employees who are customers they can access the same support as any other Medibank customer and ahm.”

The text of the scam tricks drivers into thinking they have failed to pay a toll

In total, approximately 9.7 million current and former customers and associated representatives have had a variety of personal data stolen, including names, birthdates, addresses, phone numbers, and email addresses.

The moor giant is at a standstill and refuses to pay the $9.7 million demanded by the hackers.

A team of 100 ADF and federal police officers formed a joint task force to help track down the hackers.

Leave a Reply

Your email address will not be published. Required fields are marked *