The thief demanded a ransom and is said to have threatened to reveal the diagnoses and treatments of famous clients.
Medibank says its priority is to uncover specific stolen data relating to individual customers and share that information with those customers.
The company previously said the alleged breach was limited to subsidiary branches and foreign students.
“Our investigation has now determined that this criminal had access to all of our private health insurance customers’ personal data and a significant amount of health claims data. theirs,” Medibank chief executive David Koczkar said in a statement to the Australian Stock Exchange.
“This is a terrible crime – it is designed to cause maximum harm to the most vulnerable members of our community,” added Koczkar, with an apology to guests. row.
The government has been planning urgent legislative reforms to cybersecurity regulation since a hacker stole the personal data of nearly 10 million current and former customers of Optus, the second-largest wireless carrier. two from Australia.
On September 21, Optus learned that the personal data of more than a third of Australia’s 26 million population had been stolen.
In introducing the amendments to the Privacy Act to Congress on Wednesday, Attorney General Mark Dreyfus referred to both the company and MyDeal, an online retail intermediary that lost his data. 2.2 million customers in a hack revealed two weeks ago.
“As the recent Optus, Medibank and MyDeal cyber attacks highlighted, a data breach has the potential to cause serious financial and emotional harm to Australians and this is unacceptable.” Dreyfus told Congress.
“Governments, businesses and other organizations have an obligation to protect Australians’ personal data, not to treat it as commercial property,” added Dreyfus.
The government criticizes companies for amassing more customer data than is necessary to monetize it in ways unrelated to the services for which the information is provided.
Penalties for serious breaches of the Privacy Act will increase from AU$2.2 million ($1.4 million) currently to AU$50 million ($32 million) under regulations proposed modifications.
A company can also be fined 30% of the value of its sales for a specified period if that amount exceeds AU$50 million ($32 million).
On Wednesday, Medibank said it had no cyber insurance and estimated the hack would reduce its income from AU$25 million ($16 million) to AU$35 million ($22 million). ) early next year.
Medicare’s trading halt was lifted on Wednesday, and shares fell more than 14% in early trading. (AP) SCY SCY