Medibank has detailed what personal information it believes a cybercriminal has accessed from customers in the latest update on the hack of the company's data.
The company believes the personal details of 9.7 million current and former customers were accessed by the criminal.
These current and former customers include 5.1 million Medibank customers, 2.8 million ahm customers and 1.9 million international customers.
However, what type of personal information may have been accessed depends on whether you are a Medibank, ahm, My Home Hospital patient or international customer.
These differences are detailed below:
Medibank customers
For Medibank customers who are Australian residents, it is believed customer names, date of births, addresses, phone numbers and email addresses have been accessed by the criminal.
Other details such as driver licenses, Medicare numbers, passport numbers, credit card and banking details were not believed to be accessed for Australian resident Medibank customers. Health claim data for extra services (such as dental, physio, optical and psychology), were also not believed to be accessed the criminal.
Medibank believes health claims data, including service provider name and location, what type of medical service was received, and codes related to diagnoses and procedures were accessed for 160,000 Medibank customers.
ahm customers
Medibank believes ahm customers' names, date of births, addresses, phone numbers, email addresses and Medicare numbers have been accessed by the criminal.
ahm customer details that were not believed to have been accessed include: driver licenses, passport numbers, credit card and banking details.
Medibank believes health claims data, including service provider name and location, what type of medical service was received, and codes related to diagnoses and procedures were accessed for 300,000 ahm customers.
International student customers
Medibank believes the criminal has accessed the passport numbers and visa details of international student customers.
The company believes international students' names, date of births, addresses, phone numbers, email addresses have also been accessed by the criminal.
But international student customers' other details such as driver's licenses, credit card and banking information are not believed to have been accessed.
As many as 20,000 International students' health claims data, including service provider name and location, what type of medical service was received, and codes related to diagnoses and procedures, are also believed to have been accessed by the criminal.
My Home Hospital
Medibank believes 5,200 My Home Hospital patients have had some personal and health claims data accessed as well as the contact details of 2,900 next of kin of these patients.
What should customers do?
The company says it will inform customers what data it believes has been accessed or stolen and provide advice on what to do via email, letter or phone and how they should respond.
It has also urged customers to "remain vigilant" as the criminal may publish customer data online or attempt to contact them directly.
Customers have been warned to:
- Be alert for phishing scams via phone, post or email
- Verify any communication to ensure it is legitimate
- Not open texts from unknown or suspicious numbers
- Change passwords and activate multi-factor authentication on online accounts
- Report scams to Scam Watch
The company will also continue to update customers on the hack online.
Further support
Medibank has provided services for customers particularly vulnerable or distressed by breach. The package includes:
- A cybercrime health and wellbeing line where customers can speak to counsellors who have experience supporting victims of crime (call 1800 644 325, Medibank international students 1800 887 283 and ahm international students 1800 006 745)
- Hardship support for customers who are in a uniquely vulnerable position as a result of this crime (call 13 23 41 for Medibank, 13 42 46 for ahm and 1800 081 245 for MHH patients)
- Access to specialist identity protection advice and resources from IDCARE
- Free identity monitoring services for customers who have had their primary ID compromised
- Reimbursement of fees for re-issue of identity documents that have been fully compromised in this crime
Medibank customers seeking further information on the data hack and available support services can contact 13 23 31, while ahm customers can contact 13 42 46.