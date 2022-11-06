Medibank will not pay any ransom to the cybercriminals which accessed the personal details of nearly 10 million of its customers.

In a statement by the insurance company on Monday morning, CEO David Koczkar said the decision was made upon “extensive advice” Medibank received throughout its investigation and is in line with the position of the Australian Government.

“Based on the extensive advice we have received from cybercrime experts we believe there is only a limited chance paying a ransom would ensure the return of our customers’ data and prevent it from being published,” Mr Koczkar said.

“In fact, paying could have the opposite effect and encourage the criminal to directly extort our customers, and there is a strong chance that paying puts more people in harm’s way by making Australia a bigger target.

“It is for these reasons we have decided we will not pay a ransom for this event.”

Medibank confirmed names, date of births, addresses, phone numbers and emails were gained access to as well as:

Medicare numbers (but not expiry dates) for ahm customers

Passport numbers (but not expiry dates) and visa details for international student customers

Health claims data for around 160,000 Medibank customers, around 300,000 ahm customers and around 20,000 international customers.

Health provider details, including names, provider numbers and addresses

Primary identity documents – for example drivers’ licences, health claims data for extra services and credit and banking details were not accessed.

