Thursday, 01 December 2022
Media release

Medibank update

Joint media release with The Hon Mark Dreyfus MP​

​​​​​This morning the Australian Government was advised that the cyber criminals who stole from Medibank and AHM customers have released potentially all stolen data onto the dark web.

The Australian Signals Directorate first engaged Medibank on 12 October, and the Australian Government stands with the victims of this cyber incident.

The release of such sensitive and personal data is morally reprehensible.

We anticipated the release of this data, which is why we activated the National Coordination Mechanism to ensure that all possible support is being provided to Medibank and those affected by this incident. The NCM has met today to respond to this latest development.

As previously stated, we have asked Medibank to develop a one-stop shop to support affected customers.

If you are a Medibank Private customer and are concerned about the data released today, please call 13 23 31.

If you are an AHM customer, please call 13 42 46.

Practical advice to help individuals and businesses boost their cyber security is available on the Australian Cyber Security Centre’s website at cyber.gov.au​

  • Monitor all your devices and accounts for unusual activity. Report unusual activity to cyber.gov.au, IDCARE (1800 595 160), and your bank.
  • Be alert for scams that make reference to Medibank Private. Do not click on links in suspicious emails or messages that reference Medibank Private. Visit scamwatch.gov.au for help.
  • Ensure your devices and accounts have the latest security updates. This includes ensuring your devices and accounts have multi-factor authentication enabled.
  • Replace your Medicare card if you believe it has been stolen. This can be done at no cost through MyGov.​

The Australian Federal Police is conducting two operations in response to the Optus and Medibank data breaches.

Operation Guardian is a joint initiative with state and territory police set up in September to protect customers whose personal information has been released.

Operation Pallidus was launched to investigate the criminal data breach against Medibank Private.

This week the Australian Parliament passed tough new laws to increase the maximum penalties for serious or repeated privacy breaches from the current $2.22 million penalty to whichever is the greater of $50 million; three times the value of any benefit obtained through the misuse of information; or 30 per cent of a company’s adjusted turnover in the relevant period.

After a wasted decade for digital reform, the Australian Government is stepping up on cyber security and ransomware.

The Government has begun work on a new cyber strategy for the nation. This will drive a whole-of-nation effort to counter cyber threats.​