Medibank, the Australian health insurance business which claimed to have prevented a ransomware attack earlier this week, has entered a trading halt after criminals claimed to have accessed its customers’ data.
The company announced on Monday that its systems had last week caught “unusual activity consistent with the precursors to a ransomware event” and that it had isolated the affected systems as a precautionary action.
At the time the company stressed this “was done out of an abundance of caution” and that customer data did not appear to have been stolen.
The company’s chief executive David Koczkar said: “We take the protection of our customers’ data very seriously and ongoing investigations continue to show no evidence customer data has been removed from our network.”
However the company, which is publicly listed on the Australian Stock Exchange and is one of the country’s largest health insurance providers, informed traders on Wednesday that it had received an extortion notice from a group that claimed to have stolen 200 gigabytes of data from the company.
An updated statement published on the company’s website said: “Urgent work is underway to establish if the claim [about stolen customer data] is true, although based on our ongoing forensic investigation we are treating the matter seriously at this time.”
Medibank’s systems were not encrypted by ransomware, but criminals often exfiltrate data to extort their victims.
“We understand this news may cause you concern and we’re sorry. We will continue to keep you updated on this page as our investigations continue,” the company said.
Medibank, which was formerly government owned before being privatized as a not-for-profit in 2014, has around 3.7 million customers in Australia and reported an annual group revenue of AUS $6.9 billion in 2021 ($4.33 billion USD).
At the time trading was halted, Medibank’s shares had recovered from a 5% drop on Monday.