Cyber Security Update: Medibank Private Cyber Attack

In light of a recent cybersecurity breach, Medibank Private have updated their public disclosure regarding their recent cybersecurity breach, which can be viewed directly here.

They are now advising that a criminal has contacted them and provided 100 records as proof of stolen information, which appears to be legitimate and made up of first names and surnames, addresses, dates of birth, Medicare numbers, policy numbers, phone numbers and some claims data. The criminal is claiming that they also have credit card information, diagnosis and procedure information and more.

Cyber Security Update: Medibank Private Cyber Attack

Little more is known yet about the cause or breadth of this breach, but, much like the Optus and Uber hacks before it, the same advise applies in this case.

  • Determine if you’re a customer or a customer of a sub-service of Medibank, such as Medibank Private or AHM.
  • Contact Medibank directly — via their customer service contact centres — to determine if your personal information has been compromised, and what their remediation steps are.
  • Follow security advisories and recommendations which we, and Medibank, may share with you, and security groups like the AFP.

This represents a significant exposure, which is why Medibank has been both compelled and obligated to provide a report to their customer base and the Federal Government. They did so quite quickly after discovering the breach and we expect more information to hit the media in the coming days.

Be aware that if your personal information has been compromised that you are at an elevated risk of being impersonated, and that your accounts may be at greater risk of hack through methods including impersonating you to customer support and using details to recover or change passwords for online accounts like email and social media. Keep an eye out for suspicious account activity or contact/detail changes, re-issuing of items like SIM cards, and your ID or payment info being used in unusual states or countries.

We’re always happy to help. If you’d like further advice, have something to contribute, or would like to add to this story, please email

Though there is little we can offer at this early stage in terms of resolution recommendations, we are able to offer advice to you if required, so please feel free to reach out via our support email,, or via phone during regular business hours.