SYDNEY — Medibank Private Ltd.
on Thursday said some of its customers’ claims information appears to have been accessed in a cyberattack on the company that was first disclosed last week.
The Australian health insurer said 200 gigabytes of data has been claimed to have been stolen in the attack, which is being investigated by the Australian Federal Police.
Medibank has received a sample of records for 100 policies, “which we believe has come from our ahm and international student systems,” the company said in a regulatory filing.
The sample included some claims data, such as where its customers have received medical services and codes for their diagnoses and procedures.
“The criminal claims to have stolen other information, including data related to credit card security, which has not yet been verified by our investigations,” the company said in the filing.
Other information in the sample included names, Medicare and policy numbers, addresses, birth dates and phone numbers.
The incident has fanned fears about cyber attacks in Australia following another major attack involving Optus, one of the country’s largest telecommunications providers. Earlier this month, Optus said that 2.1 million customers had at least one identity document number stolen in a cyberattack.
“I know that many will be disappointed with Medibank and I acknowledge that disappointment,” Medibank Chief Executive David Koczkar said.
Trading in the company’s shares has been halted.