Medibank hit by cyber attack

Link to my post from earlier this week

Yes, but the information in your post says the data is from the ahm and international student systems

In todays announcement the bit about data from the Medibank system is new (i.e. the breach is worse than announced a few days ago)

  • Files which contain some Medibank and additional ahm and international student customer data
 
Yes, but the information in your post says the data is from the ahm and international student systems

In todays announcement the bit about data from the Medibank system is new (i.e. the breach is worse than announced a few days ago)

I'm not surprised at all. Not only that the data was hacked, but by this drip-feeding to manage the message by them. We were already looking to move our policies to another provider, this is just the final nail.
 
I'm not surprised at all. Not only that the data was hacked, but by this drip-feeding to manage the message by them. We were already looking to move our policies to another provider, this is just the final nail.

I can't see any incentive for them to drip feed the bad news (ie withhold what they know for a while). It keeps the story up-front day after day, and damages them by this. Possibly limits the government agency involvement early on.
 
Yes, but the information in your post says the data is from the ahm and international student systems

In todays announcement the bit about data from the Medibank system is new (i.e. the breach is worse than announced a few days ago)
yea, you are right
 
We get the emails from Medibank to 'update' us, but considering we have not been insured with them for at least 10 years, that they still have our details in their system is very concerning.
 
I can't see any incentive for them to drip feed the bad news (ie withhold what they know for a while). It keeps the story up-front day after day, and damages them by this. Possibly limits the government agency involvement early on.
I agree that there's really no incentive for them to drip feed information, and think their approach has been infinitely better than that of Optus.

With that said, I didn't believe them for a minute when they initially said "there's no evidence that sensitive data had been accessed". That's no reason to enter a trading halt on the ASX (imo).
 
Holy moly, now confirmed that every customer of the Medibank group has had their personal and health claims data breached. The implications for this are shocking - what if the health claims data gets into the hands of your employer, your life insurance provider or the general public.

Since yesterday’s announcement, our cybercrime investigation has now established that the criminal had access to:
  • All ahm customers’ personal data and significant amounts of health claims data
  • All international student customers’ personal data and significant amounts of health claims data
  • All Medibank customers’ personal data and significant amounts of health claims data
 
I'm pi$$ed off beyond belief with Medibank Private (and Optus)...at least my medical info is not that sensitive that I would be embarassed if it is publically known :( The Government needs to really tighten up with companies holding your private information with huge fines (I read 30% off annual turnover) so companies spend money to ensure your personal info is kept safe! I would join a class action against Medibank....
 
Last edited:
I'm pi$$ed off beyond belief with Medibank Private (and Optus)...at least my medical info is not that sensitive that I would be embarassed if it is publically known :( The Government needs to really tighten up with companies holding your private information with huge fines (I read 30% off annual turnover) so companies spend money to ensure your personal info is kept safe! I would join a class action against Medibank....

That's part of the solution, but I also think the government(s) need to take a hard look at all their record-keeping requirements etc. It's a bit f a minefield.
Hopefully it doesnt include previous customers, as I left them some time ago.

They do need to retain medical and other records for at least 7 years.
 
They do need to retain medical and other records for at least 7 years.

What annoys me is the keeping of closed accounts 'on-line' I can't see much of a reason for them to be accessible through the internet. If access is required, it could be requested and made available next day.

I went back to Westpac after closing all my accounts abt 4 years prior. When I inquired about internet banking, they said to just log in as before - everything was still set up!!
 
What annoys me is the keeping of closed accounts 'on-line' I can't see much of a reason for them to be accessible through the internet. If access is required, it could be requested and made available next day.

I went back to Westpac after closing all my accounts abt 4 years prior. When I inquired about internet banking, they said to just log in as before - everything was still set up!!

While true, the Medibank attack looks more like someone got onto their internal network.
 
I can't see any incentive for them to drip feed the bad news (ie withhold what they know for a while). It keeps the story up-front day after day, and damages them by this. Possibly limits the government agency involvement early on.

Just another corporation that insults the intelligence of their customers. Note that investors were told of this earlier than affected customers. Do we need any clearer indication of where their interests lay? This drip-feeding is pure reputational management, soften them up for the actual full impact.
 
While true, the Medibank attack looks more like someone got onto their internal network.

But that's the same as Optus..
They've penetrated an internal network and copied a large poorly protected and seemingly non-hashed or salted database.

Personally I think the Optus one is worse as they kept 100 points of ID which opens up ID theft and financial crimes.

Medibank (while still scary) seemingly has less ID information.
And for Jo Blow the fact that Medibank paid $800 on Item 3452 in Feb-2017 probably isn't a massive concern.
It might be if you are a 'famous' person.

I'd be far more concerned if some of the Medical Practice software companies were hacked.

Medibank seemingly had no idea about what information was taken, and the initial proof the hackers provided only related to a small subset of their customers.
They've since obviously shown they've got a lot more info
 
Last edited:
Note that investors were told of this earlier than affected customers. Do we need any clearer indication of where their interests lay?

You'd be foolish to think that any company's number one priority is not shareholders and shareholder wealth. That's why these companies exist.

Might be worth considering doing business with not for profits or mutuals if this is a concern.
 
I believe that both AHM and Medibank have announced that premium increases due on November 1 are being deferred to sometime in January. They are going to have to up that offer considerably. I would expect premium increases to be deferred for at least a year and even a premium holiday for a period, possibly scaled depending upon how long you have been a member.
 
Read our AFF credit card guides and start earning more points now.

AFF Supporters can remove this and all advertisements

I believe that both AHM and Medibank have announced that premium increases due on November 1 are being deferred to sometime in January. They are going to have to up that offer considerably. I would expect premium increases to be deferred for at least a year and even a premium holiday for a period, possibly scaled depending upon how long you have been a member.
Now the shareholders will be concerned!
 
Just another corporation that insults the intelligence of their customers. Note that investors were told of this earlier than affected customers. Do we need any clearer indication of where their interests lay? This drip-feeding is pure reputational management, soften them up for the actual full impact.
It's a legal requirement to keep shareholders informed.
 

Become an AFF member!

Join Australian Frequent Flyer (AFF) for free and unlock insider tips, exclusive deals, and global meetups with 65,000+ frequent flyers.

AFF members can also access our Frequent Flyer Training courses, and upgrade to Fast-track your way to expert traveller status and unlock even more exclusive discounts!

AFF forum abbreviations

Wondering about Y, J or any of the other abbreviations used on our forum?

Check out our guide to common AFF acronyms & abbreviations.
Back
Top