November 10, 2024

Five things you should do if you’re affected by the Medibank breach

Medibank #Medibank

Medibank has confirmed that data stolen from it has now been posted online, with criminals appearing to promise the full set of information on almost 10 million people will eventually be published.

The data ranges from basic personal information to details of medical procedures and claims, all of which could be leveraged by criminals for further attacks. If you’re a current or former Medibank customer and have been advised your data was accessed, here are some steps you can take.

Medibank initially said no customer data was compromised, but then it received a ransom and proof.Credit:Elke Meitzel

1. Check your email for a message from Medibank

Medibank is contacting all affected customers with specific advice. Breaches like this are very complicated to sort through, so it’s not as simple as the company being able to tell you definitively what data of yours the attackers have. But Medibank will have informed you what category of data it believes was accessed; i.e. your name, address, date of birth, Medicare number, passport number or details of medical procedures. As always, criminals could be taking advantage of the news to send fraudulent emails, and that includes pretending to be from Medibank. So make sure your email came from Medibank (check the “from” address carefully), and remember that Medibank will not be asking for personal details over email. If in doubt, don’t click any links.

2. Secure your accounts

Loading

This is general digital hygiene advice, but since your details may be newly added to lists of targets criminals use for automated attacks, it’s worthwhile making sure everything’s locked down. Focus on anything money-related like PayPal or your bank login, and anything that contains more valuable personal details like Facebook. Each account should have a strong and unique password (look into a password manager to make this simpler), and you should activate two-factor authentication if possible. This will send a security code to your phone whenever a login from a new device is detected.

3. Organise to replace your ID

This is only applicable if you’ve been advised that your Medicare or passport numbers may have been accessed, and if you believe those numbers are still current. Applying for a new Medicare card is a hassle, and applying for a new passport even more so, but given they can be used as part of a 100-point identity check criminals may use them in attempts to take out credit in your name. Medibank does not believe criminals had access to the expiry dates of these documents, but again it’s better to be safe.

Leave a Reply