Close this search box.

MEDIBANK UPDATE: Everything you need to know


Although Medibank initially claimed there was “no evidence that customer data has been accessed”, the public has learned the scale of the breach last Thursday as the Australian Signals Directorate and the AFP started to investigate.

What happened?

On 13 October, Medibank announced that it had halted shares, taken down its budget provider, ahm, and its international student division due to a “cyber incident”.

On the following day, the company announced it had restored systems and was “still responding” to the incident.

Medibank initially emphasised there was “no evidence that customer data has been accessed”.

However last week, Medibank disclosed to the Australian stock exchange that hackers had contacted them to “negotiate” over the future of 200 gigabytes of customer data they claimed had been stolen.

What type of cyberattack occurred?

The Australian reports that a credential broker – a type of criminal that steals and sells credentials – obtained a Medibank login with high level access to the health insurer’s network, then advertised it on a Russian-language forum.

The second criminal bought the data and accessed Medibank to collect information about its structure and function.

Hackers infiltrated Medibank’s system by building a custom tool to steal data in bulk. A zip file with all customer information was created and then moved, alerting Medibank to suspicious activity.

Investigators from the Australian Federal Police and Australian Signals Directorate are still investigating how long the criminal that bought the Medibank login was on the network.

What data was accessed by the threat actors?

Medibank stated that the data is believed to have come from their ahm and international student systems.

The hacker shared a sample of 100 stolen policies for verification. This information contained:

  • Names
  • Addresses
  • Dates of birth
  • Medicare numbers
  • Phone numbers
  • Medical claims documents (including medical diagnoses, procedures, as well as substance abuse and mental health treatment records)

According to Medibank, the attacker also claimed to have “data related to credit card security” but this has yet to be verified.

How many Medibank customers were affected?

The Australian health insurance company has confirmed today that all of its 3.9 million customers have been affected by the cyber-attack.

Hackers begin to leak data

Yesterday, Medibank said the hackers had shared another 1000 ahm customer files, in addition to the 100 sample customers it confirmed last Thursday.

Medibank hack ignites new government legislation

This week, the government is set to introduce new legislation to parliament that greatly increases penalties for companies that fail to secure sensitive data properly.

There will be fines based on whatever represents the greatest cost: $50 million, 30% of the company’s turnover in the relevant period, or three times the benefit gained from the stolen data.

As a result of the new laws, the Australian Information Commissioner would have more power to resolve breaches and increase information sharing with the Australian Communications and Media Authority.

Advice for Medibank customers

In the event of a data breach of this size and scope, it may be difficult for an individual to respond adequately. In most cases, criminals will use this information to take out fake loans or make purchases using credit cards. Monitoring financial information is essential for managing this risk.

The risks of social media platforms can be managed by reviewing security settings, closing old or unused accounts, and being cautious about what is posted. Criminals cannot use contextual information to steal your identity or conduct personalised phishing attacks this way.

Ahmed Khanji

Ahmed Khanji

Ahmed Khanji is the CEO of Gridware, a leading cybersecurity consultancy based in Sydney, Australia. An emerging thought leader in cybersecurity, Ahmed is an Adjunct Professor at Western Sydney University and regularly contributes to cybersecurity conversations in Australia. As well as his extensive background as a security advisor to large Australian Enterprises, he is a regular keynote speaker and guest lecturer on offensive cybersecurity topics and blockchain.


Sydney Offices
Level 12, Suite 6
189 Kent Street
Sydney NSW 2000
1300 211 235

Melbourne Offices
Level 13, 114 William Street
Melbourne, VIC 3000
1300 211 235

Perth Offices
Level 32, 152 St Georges Terrace
Perth WA 6000
1300 211 235


Learn more about the team at the forefront of the Australian Cyber Security scene.

About Us →

Meet the Team →

Partnerships →

Learn more about the team at the forefront of the Australian Cyber Security scene.

Career Opportunities →

Internships →

Media appearances and contributions by Gridware and our staff.

See More →



Whether you need us to take care of security for you, respond to incidents, or provide consulting advice, we help you stay protected.

View all services →

Web App Pen. Test Calculator →

Network Pen. Test Calculator →

Governance & Audit

Legal and regulatory protection

Penetration Testing

Uncover system vulnerabilities

Remote Working & Phishing

Fortify your defenses

Cyber Security Strategy

Adaptation to evolving threats

Cloud & Infrastructure

Secure cloud computing solutions

Gridware 360

End-to-end security suite

Gridware Managed Services

Comprehensive & proactive security

Gridware CloudControl

Harness the benefits of cloud technology

Gridware Incident Response 24/7

Swift, expert-led incident resolution



A collection of our published insights, whitepapers, customer success stories and more.

Customer success stories from real Gridware customers. Find out how we have helped others stay on top of their Cyber Security.

Read More →