Medibank Goes Offline to Recover from October Breach

Colin Thierry
Colin Thierry Writer
Colin Thierry Colin Thierry Writer

Australia’s largest health insurer, Medibank, announced that it’s going offline temporarily to recover from an October data breach that stole the personal data of around 10 million people.

Currently, the company’s homepage still references the attack with a red banner linking to news of its response and a note vowing to strengthen its cybersecurity.

“Planned outage this weekend – member services will be offline, and our contact centers and stores will be closed this weekend while we enhance the security of our systems,” said Medibank.

The insurer then followed up on a separate page with details covering the aftermath of the massive breach, where hackers extracted the names, dates of birth, addresses, phone numbers, and email addresses of around 9.7 million current and former customers, along with some of their authorized representatives.

“This figure represents around 5.1 million Medibank customers, around 2.8 million ahm customers and around 1.8 million international customers,” the company noted.

Medibank’s website and system will be temporarily offline starting at 8.30 pm (AEDT) on Friday, Dec. 9, as the insurer begins, according to its latest update, “maintenance to further strengthen our systems and enhance security protections.”

This planned outage is described as “the next necessary phase” in Medibank’s work to strengthen its cybersecurity. According to the insurer, online services will be back online Sunday, Dec. 11 at the latest, while contact centers and retail stores will reopen on Monday, Dec. 12.

“While there has been no further suspicious activity detected inside our systems since 12 October 2022, as part of the next stage of our work we are undertaking maintenance across some of our systems to further strengthen security,” a Medibank spokesperson told reporters.

“This follows the recent addition of two-factor authentication in our contact centers to increase the level of security for our customers when they call for support,” the spokesperson added. “We are also continuing to analyze the information released by the criminal on the dark web.”

In November, Medibank warned customers that the ransomware group responsible for October’s breach had leaked the personal data stolen from its systems. 

About the Author

About the Author

Colin Thierry is a former cybersecurity researcher and journalist for SafetyDetectives who has written a wide variety of content for the web over the past 2 years. In his free time, he enjoys spending time outdoors, traveling, watching sports, and playing video games.