More Australians are learning their personal information was stolen by cyber criminals and released on the dark web months after health insurer Medibank was hit in a data breach.
Several Medibank travel insurance customers this week reported receiving confirmation from the health insurer that some of their personal details had been released on the dark web as part of the major breach in October.
WATCH THE VIDEO ABOVE: Clever Christmas scam targeting shoppers.
Watch the latest news and stream for free on 7plus >>
A spokesperson for the insurer told 7NEWS.com.au it had previously announced that the travel arm was affected in the October breach.
However, emails were sent to individual customers this week formally alerting them which aspects of their data had been compromised.
“Our travel insurance customers would have recently received their formal notification from us which informs them about what data of theirs was impacted in the recent cybercrime, as well as advice and support available to them,” the spokesperson said.
Customer Peter Anderson said he thought his personal data had managed to be kept private but received news on Thursday he was included in the breach.
“Here I was thinking I’d escaped the Medibank breach but of course, I haven’t because the travel insurance arm – which I had assumed was a white label – was also breached. What a cluster,” Anderson said.
“I thought I’d managed to escape all of the recent date breaches unscathed. Alas,” another travel insurance customer Jeremy Kirk shared.
Based on its investigation, Medibank says it believes the cyber crooks accessed travel insurance customer data including first names and surnames, date of birth, addresses, email addresses, phone numbers and policy start dates.
One customer told 7NEWS.com.au their passport information was not included in the breach.
Kirk also said the insurer informed him passport details had not been stolen.
The hackers stole the health records of almost 10 million current and former customers and published the entirety of the data on the dark web, including records of procedures and conditions related to abortions and mental health disorders.
Medibank says there has been no further suspicious activity detected inside its systems since the attack, and this month pledged to work alongside Australia’s information commissioner in an investigation following the data breach.
The Office of the Australian Information Commission confirmed earlier in December it would be examining the insurer after having enough evidence to press further.
The investigation will centre on whether the health insurer did enough to protect personal information and if the company took reasonable steps to comply with privacy guidelines.
The commissioner can seek civil penalties through the Federal Court of up to $2.2 million for each privacy contravention.
A Medibank spokesperson said earlier the insurer was continuing to work with customers affected by the data breach, including mental health and wellbeing support measures.
– With AAP
If you’d like to view this content, please adjust your .