International Cyber Expo International Cyber Expo
  • About Us
Sunday, 19 July, 2026
IT Security Guru
International Cyber Expo
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Medibank Admits That All Customer Data Was Exposed

Medibank admits that they had their personal information accessed by ransomware actors, despite denying it previously.

by Guru Writer
October 27, 2022
in Cyber Bites
code on a screen close up
Share on FacebookShare on Twitter

As reported by Medibank, an Australian health insurance giant, every one of its customers had their personal information accessed by ransomware actors—which happened a few days after Medibank had downplayed the aftermath of a recent breach. 

In a newly issued statement, Medibank admitted that the threat actors might have compromised all of its customers’ personal data, including that of international students and policyholders with Medibank business ahm.

In other words, it’s possible that an estimated four million Australians have been subjected to the danger of phishing attacks and follow-on fraud. 

The compromised data may include customers’ names, addresses, date of birth, Medicare numbers, policy numbers, phone numbers, and claims data—international students may even have had their passport numbers stolen. 

“The criminal also claimed to have stolen other information, including data related to credit card security,” Medibank’s statement said. “We are in the process of verifying this allegation. Our procedures restrict us from retaining full credit card numbers and we do not hold CVV numbers.”

At first, Medibank had promised its customers that none of their personal data had been accessed during an extortion attack, as it had stopped the attacking party prior to their initiation of the ransomware payload.

The attackers later contacted Medibank, however—claiming that they had actually stolen nearly 200GB of data from the company before Medibank realized what was happening, and even sent Medibank a sample for verification. 

Since Medibank is still conducting an investigation on the matter, it doesn’t yet know the exact number of affected customers. 

Medibank noted, “As previously advised, we have evidence that the criminal has removed some of this data and it is now likely that the criminal has stolen further personal and health claims data. As a result, we expect that the number of affected customers could grow substantially.”

According to other reports, the breach might have cost Medibank tens of millions of dollars, especially since it lacks cyber-insurance.

Because of the conflicting public statements released by Medibank, customer outrage will only increase, not to mention it will serve as an example as to how Medibank reacts to incidents and addresses them in real-time. 

The managing CISO at Barrier Networks, Jordan Schroeder, championed that companies must make it a priority to improve cyber-resilience—because doing so would facilitate the process of determining the attack blast radius once a threat actor has forced their way into a network.

Schroeder said, “This latest update comes only a few days after the company had said no customer data was compromised, so it certainly raises some alarm bells about the handling of the incident and investigation into the breach,”

“However, in fairness, Medibank is not alone,” he adds. “Breach investigations are a long process, and it can sometimes take months to fully understand the scale and impact of attacks.”

ShareTweet
Previous Post

Armis Announces APEX Manage Program for MSPs and MDRs

Next Post

Salt Security Strengthens Executive Leadership Team as Demand for API Security Accelerates

Recent News

CISOs say boardrooms still don’t grasp the human cyber risk AI is supercharging

CISOs say boardrooms still don’t grasp the human cyber risk AI is supercharging

July 17, 2026
AI Appreciation Day: Security Leaders Say the Celebration Needs an Asterisk

AI Appreciation Day: Security Leaders Say the Celebration Needs an Asterisk

July 16, 2026
Q&A: Businesses Are Running Out of Time to Prepare for the Quantum Threat, Warns Moona Ederveen-Schneider

Q&A: Businesses Are Running Out of Time to Prepare for the Quantum Threat, Warns Moona Ederveen-Schneider

July 15, 2026
Proton Launches Business Continuity Service to Keep Firms Communicating Through Outages

Proton Launches Business Continuity Service to Keep Firms Communicating Through Outages

July 15, 2026

Eskenzi PR banner ad

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol

  • About Us
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol