If you are a customer of Medibank or its subsidiary ahm, or are an international student with Medibank, or you have been a customer within the last seven years, it’s likely your data has been exposed in the breach.
Medibank has determined the hacker was able to obtain the following information for all customers, including Medibank, ahm and international student customers:
- Name
- Address
- Date of birth
- Gender
- Email address
- Medicare card number (in some cases)
- Health claims made with Medibank
Of these, the date of birth, address, Medicare card numbers and health claims would be of most concern for potential identity theft or extortion attempts if the data was eventually posted online or sold to someone else.
Medibank has also said former customers have been included in the records received so far, as the company is required to keep customer information for seven years under state and territory laws.
Experts suggest not rushing out and changing everything. People should always seek to use strong passwords and multifactor authentication on their online accounts – not just with Medibank.
They can also advise their bank and other financial institutions to put in place additional security checks for their accounts (particularly for over-the-phone transactions).