)
Private health insurer Medibank Group (ASX: MPL) has this morning confirmed no customer data were removed from its network during a data breach last week detected in parts of the company’s IT system.
The company says the ‘unusual activity’ detected last week was consistent with the precursors to a ransomware event, implying the company’s cyber security systems were able to halt something potentially quite damaging to the firm.
Medibank says it will continue to investigate the incident as part of its ongoing forensic analysis, but that normal operations have since resumed.
“When the unusual activity was detected on part of its network, the company took the precautionary action to temporarily block and isolate access to the ahm and international student customer policy management systems while the activity was investigated,” says Medibank.
“This was done out of an abundance of caution, and it enabled Medibank to provide additional protection of customer data on that system.
“The systems were restored on new IT infrastructure and normal activity resumed for ahm and international student business on Friday 14 October 2022.”
The company adds that its systems were not encrypted by ransomeware during the incident and that there is no indication that it was caused by a state-based threat actor.
“We are sorry this incident occurred, and we understand this news may have caused concerns and inconvenience for some of our customers. We took the necessary precautions to protect the data of our customers, people and other stakeholders, and we will continue to do so,” says Medibank CEO David Koczkar.
“I thank our customers for their patience during this incident. We take the protection of our customers’ data very seriously and ongoing investigations continue to show no evidence customer data has been removed from our network. We will provide updates if the situation changes.
“We will also share technical information with peers across the industry as part of our commitment to helping others understand how this incident transpired and to allow our industry peers to bolster their own defences.”
The update comes after Woolworths Group (ASX: WOW) subsidiary MyDeal announced late last week that the personal data of 2.2 million customers has been affected by a cybersecurity breach.
Woolworths, which announced the breach last Friday, says a comprised user credential was used to gain access to its customer relationship management (CRM) system, resulting in the exposure of some data.
This includes customer names, email addresses, phone numbers, delivery addresses and, in some instances, dates of birth. For 1.2 million customers involved in the breach, only their email addresses were exposed.
The e-commerce subsidiary, which was acquired by Woolworths in September, says it has already commenced the process of contacting the 2.2 million affected customers by email, and has also engaged with relevant regulatory authorities and government agencies.
“We apologise for the considerable concern that this will cause our affected customers. We have acted quickly to identify and mitigate unauthorised access and have increased the monitoring of networks,” MyDeal CEO Sean Senvirtne said.
“We will continue to work with relevant authorities as we investigate the incident and we will keep our customers fully informed of any further updates impacting them.”
)
