Medibank’s staff details stolen after property manager faces cyber breach

(Reuters) -Australia’s largest private health insurer Medibank Private on Tuesday said a file containing names and contact details of staff members had been compromised after its property manager faced a cybersecurity breach.

The incident comes at a time when Medibank is dealing with the fallout of a cyber incident it faced in October, where data of about 9.7 million of its current and former customers was compromised.

It is currently facing three class action lawsuits in relation to the breach, and is also under investigation by the country’s privacy regulator on its handling of personal information.

Medibank in an email told Reuters that one of its property managers that uses file transfer software MOVEit was compromised, and a file containing its employee names, email addresses and phone numbers was stolen.

The company added that the file did not have employee bank details, payroll, or home addresses.

“We continue to investigate and work closely with the vendor, and at this stage we are not aware of any of our customers’ data being compromised,” Medibank said.

“Medibank systems have not been impacted by the MOVEit cyberattack.”

Shares of the health insurer were trading 0.3% lower as at 0516 GMT.

Over the past 10 months, Australia has been roiled by a raft of cyberattacks, prompting regulators to investigate company practices of handling personal information and plan an overhaul of the country’s cybersecurity rules.

(Reporting by Rishav Chatterjee in Bengaluru; Editing by Dhanya Ann Thoppil and Sonia Cheema)

tagreuters.com2023binary_LYNXMPEJ5J03B-VIEWIMAGE