Just when you thought things couldn’t get worse for Medibank and its customers, new evidence shows that people who merely asked for a quote are also at risk.
It’s been one of Australia’s biggest and most serious commercial data breaches (so far), resulting in the private medical records of millions of Medibank customers being placed on the dark web.
Now, The Australian reports that leaked emails from the health insurer show that Aussies who simply got a quote for insurance but did not actually buy a policy are at risk of having their personal details – including name, date of birth, home address, phone numbers and visa subclasses – leaked online.
Medibank has begun sending emails to those potentially affected, warning of the danger.
Read: Law firms launch data breach complaint against Medibank
“Hi, we’re writing to you as you had previously obtained a quote from Medibank,” the email reads.
“We’re deeply sorry to inform you that we believe some data you provided for the quote has been stolen and released on the dark web, as a result of the recent cybercrime.
“We have a Cyber Response Support Package available for all customers, including people who received a quote.”
Medibank’s Cyber Response Support Package, announced last year after news of the breach broke, includes a hardship package to assist those in a uniquely vulnerable position due to the breach; access to Medibank’s mental health and wellbeing support line, access to specialist identity protection advice from IDCARE; free identity monitoring services for customers who have been compromised and the reimbursement of fees for the reissue of compromised identity documents.
Read: Your privacy rights given data breaches and identity theft
The Medibank incident highlights just how much of your personal information is gathered by companies, whether you want them to or not.
Businesses claim this information is necessary to enhance the customer experience, but rules and regulations around how that data is stored, and for how long, are unclear at best.
Most of those affected by this latest breach may not even have been aware their personal info was being stored by Medibank after the quote was completed.
Read: How safe is your data with a budgeting app
Rachel David, chief executive of Private Health Australia, told the ABC that the practice of holding personal information for quotes varies between insurers, but reports the Medibank quote data had been stored for multiple years were concerning.
“I do think a couple of years sounds a little excessive,” she said.
“I think in light of the issues that have occurred with the data breach, this is one of the things that health funds will be reviewing.”
Have you obtained a quote from Medibank in the past few years? Could you be at risk? Let us know in the comments section below.