Medibank hack: Email reveals employee details hacked due to data breach

The Medibank data breach has already affected 9.7 million customers — and now, that staggering number has increased even more, after it emerged that employee details had also been compromised.

Last month, the private health insurance giant announced it had had a “cyber accident,” along with Medibank-owned ahm.

About 5.1 million Medibank customers, 2.8 million AHM customers, and 1.8 million international customers were affected after obtaining employee credentials with high-level access to Medibank’s systems and selling them to hackers on the Russian cybercrime forum.

The group has released highly sensitive customer data on a dark web blog linked to the REVil Russian ransomware group since last week, including information about people’s mental health status, drug and alcohol use and previous pregnancy terminations which may include nonviable pregnancies such as fetal anomalies, ectopic pregnancy, pregnancies Staphylococcal, miscarriage and readmission for complications such as infection.

But an email sent to Medibank employees and seen by revealed that hundreds of current and former employees were also affected, along with millions of customers.

“Hello everyone. We deeply regret to inform you that some data related to your work machine for the time you were working at Medibank was stolen in the recent cybercrime event,” read the alarming email to staff.

“We don’t believe the criminal had access to success factors or any payroll data, but they did gain access to an Excel spreadsheet with information about your device. On Wednesday, November 9, the criminal posted this information on the dark web.

“We are aware of the distress this may cause you and we apologize for this happening.”

The email confirmed that the file included information such as employees’ full names, mobile phone numbers and device information, and warned that the data could be used “to increase spam such as spearfishing and social engineering.”

The email explained that spear phishing targets a specific person or group of people claiming to be from a trusted sender, while social engineering is the art of manipulating people, so they provide confidential information such as passwords.

The company urged employees to be extremely careful when using their mobile phones and to take a range of additional precautions, including being alert for any phone or email scams, checking any communications received for legitimacy, changing passwords regularly and avoiding opening links within texts. Or emails from unknown or suspicious numbers.

The email concluded by thanking the workers for their “understanding” as the company “continues to respond to this cybercrime.”

A Medibank spokesperson confirmed that hundreds of former and current employees have been arrested in the breach.

“The files released by the criminal include an Excel spreadsheet of approximately 900 current and former employees — including their name, email address, cell phone number, and device information including the asset number and phone name (serial number and IMEI number),” the spokesperson said in a statement sent to news.

“While security experts have told us the security risks are low, the information can be used to increase spam like spearfishing.

The hacker will not be able to use the information to access people’s phone data or hack their phones remotely. We have also taken steps through our telecom provider to prohibit the porting of phone numbers to Medibank devices.

“We have offered our employees and former employees the option to change their mobile phone number at no cost to them.

“We also have a specialist psychiatrist available on request.

“For employees who are clients, they can access the same support as any other Medibank and ahm client.”

Looming mass movement

The disclosure comes after class actions at Bannister Law and Centennial Lawyers to investigate a serious data breach joined forces for a potential class action against the health insurance giants.

Charles Bannister, director of Bannister Law, told that lawyers had already been “inundated” with potential claimants, and said countless clients had already been seriously affected by the hack.

“There are understandably distressing victims of domestic violence in connection with their address details being made public. We are seeing widespread cases,” he said.

“Some individuals literally live in fear for their lives if their addresses are made public, and others live in fear of public ridicule, losing their jobs, and severing relationships if their sensitive medical information is made public.

“Others are at risk of extortion if their HIV status or other health information is made public. Some Medibank and ahm clients will be police or security officers who are at significant personal risk if their personal data and those of their close family members are made public.”

Bannister Law Class attorneys and Centennial Lawyers are now preparing for legal action to begin a class action lawsuit, and they expect the lawsuit to be filed soon. The law firms are urging all affected current and former Medibank clients, including international clients, to Register here.

Originally Posted as a new twist on Medibank hack nightmare as email reveals employee details also hacked

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *