Health insurer Medibank Private has confirmed it has received messages from a group wishing to negotiate with the company regarding their alleged removal of customer data.
The update comes less than a week after the company was hit by a cyber attack.
Medibank says it is working urgently to establish if the claim is true, but is treating the matter seriously.
As a result of this, the health insurer has halted trading on the share market until further notice.
Medibank CEO David Koczkar has apologised to customers and said he understood the latest update was distressing.
"We have always said that we will prioritise responding to this matter as transparently as possible," Mr Koczkar said.
"Our team has been working around the clock since we first discovered the unusual activity on our systems, and we will not stop doing that now.
"We will continue to take decisive action to protect Medibank customers, our people and other stakeholders."
Cyber Security Minister Clare O'Neil said she had spoken to Mr Koczkar, and the Department of Home Affairs was working with all relevant government agencies to respond to the incident.
"Significant support has been provided by the Australian Signals Directorate's Australian Cyber Security Centre, and the Department of Home Affairs," she said.
"The incident is another reminder for Australian governments, businesses and citizens to be vigilant about their cyber safety."
'Unusual activity' detected
Medibank first reported "unusual activity" had been detected on its network on October 12.
However, the company said there was no evidence sensitive data, including customer information, had been accessed.
The nature of the business means Medibank holds a range of personal information regarding its customers.
In a statement, the company said its systems had not been encrypted by ransomware, which meant usual activities for customers could continue.
"Our ongoing response to safeguard our networks and systems may cause necessary temporary disruptions to our services," the statement said.
"Investigations are ongoing and Medibank will continue to provide regular updates."
Medibank Private is working with specialised cybersecurity firms and has advised the Australian Cyber Security Centre.
It is the latest major cyber attack to hit a large Australian company and follows the Optus breach last month, which affected millions of customers.