Health insurance provider Medibank is the latest Australian organisation to be hit by a cyber attack.
The company, which has more than 3.7 million customers, says a hacker claims to have stolen 200GB of data and has supplied 100 policies as proof.
Here is what we know and what Medibank has said to do if you are a customer.
What's happened so far?
- Medibank was hit by a cyber attack last week but at the time the company said there was no evidence that sensitive data had been accessed
- On Wednesday, it issued a statement saying it received a message from a group claiming to be hackers
- The company halted trading on the share market as a result
- Cyber Security Minister Clare O'Neil said the attack has been referred to the Australian Federal Police
- Medibank is also working with the Australian Cyber Security Agency and the Australian Signals Directorate
- On Thursday, Medibank confirmed a criminal has provided the company with a sample of 100 records, which it believes are from its systems
- The company expects that more people will be impacted as investigations continue
What data does the Medibank cyber attacker have?
Medibank holds a range of sensitive information by virtue of being a health insurance company.
Of the 100 records supplied by the hacker, Medibank says the data includes:
- First names and surnames
- Addresses
- Dates of birth
- Medicare numbers
- Policy numbers
- Phone numbers
- Data from claims made to the insurer
The data also includes details about where customers received medical services, and the codes relating to their diagnoses and procedures.
The hacker also claims to have credit card details; however, this has not been verified by Medibank.
Medibank thinks these policies come from subsidiary ahm and products used by international students.
What happens now?
Medibank said it is working to contact customers impacted by the breach to provide guidance.
The company said it expects the number of people who are impacted will continue to grow.
What should Medibank customers do?
Medibank has urged customers to be "vigilant", presumably of scammers or criminals seeking to take advantage of their data.
It said customers should seek independent advice about their personal data security from trusted sources, including the Australian Cyber Security Centre at cyber.gov.au.
The company said it will never contact customers requesting passwords or other sensitive information.
Medibank has not suggested all customers need to change their identification documents, such as a driver's licence or passport.
How has the hacker taken this information?
Earlier on Thursday, Medibank described the hack as a ransomware attack.
In a ransomware attack, malicious software is generally used to lock up or encrypt information so holders no longer have access to it.
Hackers then demand a ransom to return access to the files.
Medibank earlier said it had been contacted by "a group" that wished to negotiate the return of data the company held.
In its latest update, Medibank said it had been contacted by "a criminal".
How much data does the hacker have?
Medibank says the hacker claims to have stolen 200GB of data.
To put this into context, the latest base model iPhone holds up to 128GB of data and Netflix says an hour of high definition viewing uses about 3GB.
What has Medibank had to say?
Medibank CEO David Koczkar has apologised for the data breach.
"I unreservedly apologise for this crime which has been perpetrated against our customers, our people, and the broader community," he said.
How does this compare to the Optus data breach?
Last month, Optus confirmed there was a widespread data breach.
At this stage, Medibank is investigating the hacker's claims and is yet to confirm how much data has been stolen.
We will keep across updates as they come.