SYDNEY, Australia (AFP) — A major Australian health insurer warned Tuesday of a “distressing” threat by a purported hacker to release client data within 24 hours, following a hack affecting 10 million people.
Medibank Private, one of Australia’s largest insurers, told customers to be “vigilant” after the reported threat, issued a day after it had ruled out paying any ransom demand.
The company revealed Monday that a hack originally thought to have breached the data of 3.9 million people had in fact given access to the names, birth dates, addresses, phone numbers and emails of about 9.7 million former and existing clients.
Those numbers included 1.8 million international customers.
The data breach included some people’s health claims along with codes exposing their diagnoses and medical procedures, as well as the passport numbers and the visa details of international students.
On Tuesday, an anonymous poster on a hacking blog — widely cited by Australian media — said that data from the Medibank hack “will be publish in 24 hours.”
It was not possible to confirm whether the poster was connected to the hack or had access to people’s stolen information.
“We knew the publication of data online by the criminal could be a possibility, but the criminal’s threat is still a distressing development for our customers,” Medibank chief executive David Koczkar said, calling for clients to be “vigilant.”
“We unreservedly apologize to our customers,” he added.
The hacker could also attempt to contact customers directly, the company warned.
Medibank said it was working with the Australian government and with the police, who were trying to prevent the sharing and sale of the stolen data.