Australia's largest health insurer, Medibank, announced its refusal to pay a ransom to cybercriminals who stole the sensitive data of about 9.7 million of its current and former customers.
Medibank disclosed the breach back in October, taking some of its systems offline as it recorded unusual activity on the network. At the time, it had already received a ransom demand and was verifying it.
Now, the company confirmed that name, date of birth, address, phone number, and email addresses belonging to approximately around 9.7 million current and former customers were accessed by threat actors. This breaks down to 5.1 million Medibank customers, 2.8 million ahm health insurance (part of Medibank) customers, and 1.8 million international customers.
Medibank CEO David Koczkar announced that they’ve received much advice from cybercrime experts, who said that there is only “a limited chance” that paying a ransom will prevent threat actors from publishing accessed data online or will prompt them to return it.
“In fact, paying could have the opposite effect and encourage the criminal to directly extort our customers, and there is a strong chance that paying puts more people in harm's way by making Australia a bigger target,” Koczkar said, adding that for this reason, they will not be making the payment.
Medibank issued a data leak warning to its customers, urging them to stay alert for fraud and phishing attempts.
Australian Cybersecurity and Home Affairs Minister Clare O'Neil said that while paying ransoms isn’t illegal, it’s generally not advised by the government.
The 2019 survey of 1,200 IT professionals by CyberEdge Group published the following findings regarding the success of ransom payment among companies:
- Didn’t pay the ransom and recovered data: 44.4%
- Paid ransom but lost their data: 17.5%
- Paid ransom and recovered data: 27.6%
- Didn’t pay the ransom but lost their data: 10.6%
Overall, only 61.2% of those who paid managed to recover their information.
More from Cybernews:
Subscribe to our newsletter