(Reuters) – Australia’s largest health insurer said on Thursday that a criminal had apparently stolen customers’ medical information as part of a massive data breach, fueling concerns over a wave of high-profile cyberattacks.
Medibank Private Ltd., which covers one-sixth of Australians, said an unidentified person had revealed that the company had stolen personal information about 100 customers, including medical diagnoses and procedures, as part of a theft of 200 gigabytes of data, first disclosed by the company a week earlier.
The company did not say how many of its 4 million customers were likely to be affected but warned that the number was likely to rise. The Australian Federal Police said it had launched an investigation into the breach, without commenting further.
The revelation adds another layer of anxiety to a wave of cyberattacks on Australia̵7;s biggest companies since No. 2 telco Optus, owned by Singapore Telecommunications Ltd., revealed a month ago that data from up to 10 million customers may have been stolen.
Until now, most public comment has focused on the risk of hackers using stolen data to access bank accounts. The Sydney Morning Herald reported receiving a message from a person claiming to be the Medibank hacker threatening to publish medical records of high-profile individuals unless the person was paid.
“What we have here is … healthcare information and that alone being made public could cause enormous harm to Australians and that’s why we’re so committed to this,” Cyber Security Minister Clare O’Neill told the Australian Broadcasting Corp.