Names, addresses, birthdates, and government ID numbers were also disclosed in addition to some health claims data, especially medical procedure history.
As a Medibank client, PM Anthony Albanese stated that he was among many worried that their information would be made public.
“This is really tough for people,” he stated on Wednesday.
Last month, 9.7 million Medibank members’ personal information was stolen. Following the insurer’s decision to forgo payment, a sample was made available on Wednesday.
It happens at a time when Australia has seen a number of high-profile data leakage.
The Australian Federal Police said anyone whose data has not yet been disclosed is in danger of blackmail, saying that the revealing of sensitive health information can be “distressing and embarrassing.”
“Please do not be embarrassed to contact police… if a person contacts you online, by phone or by SMS threatening to release your data unless payment is made,” Assistant Commissioner Justine Gough added.
All affected clients, regardless of whether their personal information has been made public, are vulnerable to phishing attacks, she added.
In addition to offering an apology for what it called the “malicious weaponisation” of personal data, Medibank has committed to working “round-the-clock” to notify clients whose information has been made public.
However, Home Affairs Minister Clare O’Neil has supported Medibank, claiming the corporation heeded government guidance in refusing to pay the ransom. O’Neil has previously said that Australia is “a decade behind” in cybersecurity.
She referred to the perpetrators as “scumbags” and “disgraceful human beings.”
According to local media, the stolen Medibank data was published on a blog associated with the Russian ransomware outfit REvil. The blog post promises to release more information soon.
According to Medibank, the data was accessed after login credentials giving access to all of its customer data were taken.
Additionally, the “criminal” was able to access information from its affiliates, including Ahm insurance. Medibank is the owner of the smaller health insurance company Ahm.
Even though millions have been impacted, the most significant incident involved about 500,000 clients whose sensitive health information was stolen, according to Medibank.
However, the business has emphasised that no banking or credit card information was obtained.
Following the theft of the personal information of approximately 10 million users in what the firm dubbed a cyber-attack in September, the Australian telecoms behemoth Optus was also the target of blackmail.
