Australia’s top health insurer reels after data breach

(Reuters) – Medibank Private Ltd, Australia’s biggest health insurer, reported a massive data breach in October that compromised personal and medical information of its current and former customers, and slashed its stock value by almost a fifth.

The incident was one among a recent slew of hacks into some of the country’s largest companies, which experts say points partly to an understaffed and overworked cybersecurity workforce.

Here is what we know of the Medibank incident so far:

Oct. 13: Medibank says it detected unusual activity on its network and removes access to some customer-facing systems. The company says there was no evidence that any sensitive data was accessed.

Oct. 17: Normal business operations resume. Medibank reaffirms there was no evidence that customer data had been removed from its network.

Oct. 19: Medibank says an unnamed hacker group contacted it to negotiate about customer data it claimed to have retrieved from the company’s IT systems.

Oct. 20: Medibank confirms that a criminal stole personal information of 100 customers, including medical diagnoses and procedures, as part of a theft of 200 gigabytes of data.

Oct. 21: Medibank suspends trading amid the likelihood that the hack may impact more customers.

Oct. 25: The insurer says policy records of a further 1,000 customers were stolen by the criminal and that the number would likely rise.

Oct. 26: Medibank says the hack compromised data of all of its nearly 4 million customers, flags a potential charge of up to A$35 million ($22.4 million) for the first half, and withdraws fiscal 2023 forecast for a key growth metric.

Nov. 7: Medibank says no ransom will be paid to the criminal responsible for the data theft and that data of around 9.7 million current and former customers was compromised.

($1 = 1.5632 Australian dollars)

(Compiled by Upasana Singh in Bengaluru; Editing by Rashmi Aich)