The attack that exposed around 9.7 million customers' information might be bigger than suspected as the company says they will not be paying for any ransom.
According to In Daily, the Australian health insurer said that the incident turned for the worse with the receipt of a series of extra files from the hackers.
Medibank Says Hackers Has A More Extensive Access To The Database
Aside from customer data, new information suggests that the health insurer's policy records from offshoot allied health medicals.
Bloomberg writes that the attack that compromised the Melbourne-based company initially thought only 4 million customers were affected, but the number appeared to be bigger than that.
Based on new information, Medibank revealed that the hackers have accessed 5.1 million Medibank customers, 2.8 million allied health medical customers, and around 1.8 million international customers.
This amounts to about 9.7 million data which is 5.7 million greater than the initial assessment of 4 million customer data leaked.
While hackers did not access drivers' licenses and other identity documents, Adelaide Now claims that the criminals got a hold of customers' Medicare numbers and passport numbers and visa details.
Additionally, around 160,000 health claims for Medibank customers, 300,000 allied health medical customers, and 20,000 international customers were accessed as well.
Service provider names and locations where customers received the services, codes associated with diagnosis, procedural codes were also in the hackers.
Even the details of their health providers were not safe, including their names, provider numbers, and mailing addresses.
Lastly, around 5,200 My Home Hospital patients also fell victim to the criminals' schemes, and around 2,900 of their relatives' information have been compromised.
Because of this, Medibank will commission an external investigation to ensure that they learn everything about the breach, and to strengthen their ability to safeguard customers, Adelaide Now reports.
Read More: Medibank Confirms Hackers Have Compromised All Its Members' Data
Medibank Refuses To Pay The Ransom Demands To Get The Stolen Data Back
"As we continue to uncover the breadth and gravity of this crime, we recognise that these developments will be distressing for our customers, our people and the community - as it is to me," Chief executive David Koczkar says.
He adds that the malicious attack aims to create a maximum level of fear and damage among the most vulnerable members of the Australian public.
However, Koczkar claims that the company will not be paying any ransom money for the data theft as per the advice of cyber crime experts, Bloomberg reports.
Allegedly cyber security experts think that there would only be a limited chance that paying ransom would get Medibank the compromised data back, and prevent it from being spread.
They even believe that it could have the opposite effect, and encourage the criminals to extort customers, making Austaralians a bigger target for their scams.
Due to the massive data breaches targeting Australians in recent months, the government is set to introduce new legislation to penalize companies that do not properly safeguard their customers' data.
According to In Daily, these new laws also aim give the Australian Information Commissioner more powers to resolve breaches by collaborating with the Australian Communications and Media Authority.
Related Article: Data Breach Hits MyDeal, Impacts 2.2M Users
