Medibank, Australia’s biggest health insurer has refused to pay ransom to a hacker responsible for data theft that made the personal data of nearly 9.7 million current and former customers of the organization vulnerable.
Regarding the incident, Medibank chief executive David Koczkar said, “only a limited chance” that paying the ransom would result in the hacker giving the stolen customer data back or preventing it from being published.”
According to the company, the data hack included the name, date of birth, address, phone number, and email address of customers and some of their authorized representatives.
The victims of the attack
The private health insurer claims the personal data of roughly 5.1 million Medibank customers, 2.8 million ahm customers, and roughly 1.8 million customers from abroad along with their authorized representatives were exposed in the hack.
More information exposed included medicare numbers of ahm customers, visa details of international student customers, and their passport numbers.
By the end of October, the company said the perpetrator behind the data hack took access to the data belonging to at least 4 million customers, some of which include health claims.
Why the company would not pay the ransom?
For security reasons, Medibank wouldn’t reveal when it received the ransom request or how much it was, but it refused to pay any ransom, stating that its stance “is identical with that of the Australian government.”
“In fact, paying could have the opposite effect and encourage the criminal to directly extort our customers, and there is a strong chance that paying puts more people in harm’s way by making Australia a bigger target,” David Koczkar said in a statement.
He added, “we have decided we will not pay a ransom for this event for these reasons.”
