Australian health insurance firm Medibank on Wednesday disclosed that the personal information of all of its customers had been unauthorizedly accessed following a recent ransomware attack.
In an update to its ongoing investigation into the incident, the firm said the attackers had access to “Significant amounts of health claims data” as well as personal data belonging to its ahm health insurance subsidiary and international students.
Medibank, which is one of the largest Australian private health insurance providers, serves about 3.9 million customers across the country.
The development comes as the incident has become the subject of an investigation by the Australian Federal Police, with Medibank acknowledging that it has been contacted by a criminal actor claiming to have siphoned 200GB of data.
The Medibank hack follows another cyberattack aimed at Australian telecom giant Optus, which resulted in the theft of nearly 2.1 million of its current and former customers.
The high-profile and damaging data breaches have prompted the Australian government to introduce stringent data protection laws, which include increased monetary penalties of up to AU$50 million from the current AU$2.2 million cap.