Key Points
- Medibank says the data hack it suffered has taken a "distressing" turn
- Customer data from its flagship brand is among the information stolen from Australia's largest private medical insurer
Cyber Security Minister Clare O'Neil has expressed her concern after Medibank revealed a data breach was far bigger than previously believed.
Australia's largest private medical insurer said on Tuesday the hack had taken a "distressing" turn after it received further files from the hackers.
They included files containing Medibank customer data as well as 1,000 policy records from offshoot Ahm that had personal and health claims information.
The newly released information is in addition to details from international student customers and Ahm .
Ms O'Neil said she had been in constant contact with the company and insisted her government had provided the necessary resources to tackle the breach.
"The latest advice from Medibank is deeply concerning ... the government recognises that this incident is very stressful for affected Australians," she said.
"The toughest and smartest people in the government are working directly with Medibank to try to ensure that this horrendous criminal act does not turn into what could be irreparable harm to some Australian citizens."
Medibank says the cyber attack has taken a "distressing" turn with the receipt of a series of extra files from the hacker or hackers. Source: AAP / Bianca De Marchi
Medibank said it was too soon to know the full extent of the customer data that had been stolen but the breach was wider than .
The company, which has about four million customers, expects the number of people affected will continue to grow.
It is contacting current and former customers who might have had their private information stolen and is warning them to be on alert for any suspicious messages via email, text or phone call.
Medibank chief executive David Koczkar reiterated his apologies to the victims.
"As we continue to uncover the breadth and gravity of this crime, we recognise that these developments will be distressing for our customers, our people and the community, as it is to me," he said.
"This is a malicious attack that has been committed by criminals with a view of causing maximum fear and damage, especially to the most vulnerable members of our community."
Last week, Medibank said the alleged hackers claimed to have stolen 200GB of data, including people's medical history, where medical services were received and codes relating to their diagnoses and procedures.
The hackers were holding the information hostage while trying to negotiate with Medibank.
It's the second high-profile hacking in a matter of months after .
The government is set to introduce new legislation to parliament this week that massively increases penalties for companies that don't properly protect sensitive data.
Fines will rise to whichever is greater of $50 million, 30 per cent of the company's turnover in the relevant period or three times the value of any benefit gained from the stolen data.
The laws would also boost the Australian Information Commissioner's powers to resolve breaches and increase information sharing with the Australian Communications and Media Authority.