On Monday, Medibank Private Ltd (MPL.AX), Australia's largest health insurer, stated that no ransom payment will be made to the criminal responsible for a recent data theft in which the data of approximately 9.7 million current and former customers was compromised.
Highlighting the findings of the firm's investigation thus far, Medibank confirmed that the data theft accessed the name, date of birth, address, phone number, and email addresses of approximately 9.7 million current and former customers.
Cyber security issues in Australia have skyrocketed in recent years, according to a government report, with one attack occurring every seven minutes.
"Based on the extensive advice we have received from cybercrime experts we believe there is only a limited chance paying a ransom would ensure the return of our customers' data and prevent it from being published," Medibank CEO David Koczkar said.
Paying a ransom could encourage the hacker to directly extort customers, causing more people to suffer, according to Koczkar. The insurer reiterated that business operations remained normal during the cyberattack, with customers continuing to have access to health care.
Medibank has warned its customers to be cautious because the criminal may leak the data online or attempt to contact them directly.
In the last few weeks, Singapore Telecommunications' (STEL.SI) unit Optus disclosed a breach of up to 10 million customer accounts, and Woolworths (WOW.AX) revealed that the data of millions of customers using its bargain shopping website had been compromised.
Medibank has announced that it will commission an external review in order to learn from the cyberattack, as well as expand its Cyber Response Support Program.