Five things you should do if you’re affected by the Medibank breach

Medibank has confirmed that data stolen from it has now been posted online, with criminals appearing to promise the full set of information on almost 10 million people will eventually be published.

The data ranges from basic personal information to details of medical procedures and claims, all of which could be leveraged by criminals for further attacks. If you’re a current or former Medibank customer and have been advised your data was accessed, here are some steps you can take.

Medibank initially said no customer data was compromised, but then it received a ransom and proof. Credit: Elke Meitzel

1. Check your email for a message from Medibank

Medibank is contacting all affected customers with specific advice. Breaches like this are very complicated to sort through, so it’s not as simple as the company being able to tell you definitively what data of yours the attackers have. But Medibank will have informed you what category of data it believes was accessed; i.e. your name, address, date of birth, Medicare number, passport number or details of medical procedures. As always, criminals could be taking advantage of the news to send fraudulent emails, and that includes pretending to be from Medibank. So make sure your email came from Medibank (check the “from” address carefully), and remember that Medibank will not be asking for personal details over email. If in doubt, don’t click any links.

2. Secure your accounts

This is general digital hygiene advice, but since your details may be newly added to lists of targets criminals use for automated attacks, it’s worthwhile making sure everything’s locked down. Focus on anything money-related like PayPal or your bank login, and anything that contains more valuable personal details like Facebook. Each account should have a strong and unique password (look into a password manager to make this simpler), and you should activate two-factor authentication if possible. This will send a security code to your phone whenever a login from a new device is detected.

3. Organise to replace your ID

This is only applicable if you’ve been advised that your Medicare or passport numbers may have been accessed, and if you believe those numbers are still current. Applying for a new Medicare card is a hassle, and applying for a new passport even more so, but given they can be used as part of a 100-point identity check, criminals may use them in attempts to take out credit in your name. Medibank does not believe criminals had access to the expiry dates of these documents, but again it’s better to be safe.

4. Seek help from Medibank

This, again, may be a hassle given how many people are going to be contacting the company at the same time. But Medibank is actively rolling out several avenues for support, including phone lines, websites and apps. You can find a full list at the bottom of the company’s “cyber event” page. Medibank has pledged to provide counselling and wellbeing support for affected customers, hardship support for those financially impacted, identity protection and monitoring services, support for anyone receiving threats or scams, and reimbursement for fees related to identity document replacements.

5. Understand you may be targeted

Absolutely anyone can be hit with scam messages, emails or phone calls, given how prolific criminals are at scooping contact and identity details from any place they appear online. But if your details are included in the data stolen from Medibank and currently being dumped, it might be prudent to be extra wary. Don’t click on any links in emails or text messages, and don’t give any personal details to anyone if you’re not 100 per cent sure who they are. Instead, if you’re reached by someone claiming to be (for example) a bank or telco and you think it’s legitimate, you should contact them using their official channels.

If Medibank has advised you that your health claims data has been accessed, criminals may have details of your medical conditions and past procedures, which they could use to extort you or convince you they are medical professionals. Again, do not reply to any such contact, click any links or provide any information.
