Medibank refuses to pay cyber ransom in hack affecting 9.7M customers

Nov. 7 (UPI) -- Medibank, one of Australia's largest health insurers, said on Monday it will not pay a ransom to hackers who allegedly gained access to information belonging to millions of its customers recently.

The company said it cannot "trust criminals" attempting to shield the stolen information that was hacked. Medibank said last month it appeared hackers had breached its computer system to gain data on more than five million current customers and more former customers.

"Based on the extensive advice we have received from cybercrime experts we believe there is only a limited chance paying a ransom would ensure the return of our customers' data and prevent it from being published," Medibank CEO David Koczkar said in a statement.

"In fact, paying could have the opposite effect and encourage the criminal to directly extort our customers, and there is a strong chance that paying puts more people in harm's way by making Australia a bigger target. It is for these reasons we have decided we will not pay a ransom for this event."

Emily Ritchie, senior executive for external affairs for Medibank, said it is believed the cybercriminals accessed the names, dates of birth, address, phone numbers and email addresses of around 9.7 million current and former customers and some of their authorized representatives.

She said hackers also accessed Medicare numbers, passport numbers and visa details for international student customers but did not gain access to primary identity documents, such as driver's licenses, for Medibank customers.

She added that hackers did not break into systems that housed health claims data for extras services -- such as dental, physio, optical and psychology -- and credit card and banking details.