Scamwatch is warning Australians to lookout for scams following the recent Medibank data breach and take steps to protect themselves.

The ACCC has developed a fact sheet about avoiding scams after the Medibank Private data breach:

Factsheet - Medibank Private ( PDF 163.42 KB )

Medibank Private has advised that it was contacted by a criminal claiming to have stolen 200GB of data including:

  • Names and addresses, date so birth, Medicare numbers, policy numbers, phone numbers and some claims data
  • Some data related to credit card security, which has not yet been verified by Medibank.

The Australian Government is working closely with Medibank Private to provide all the support possible to help resolve this situation and protect those customers who may have been affected.

  • Medibank Private is receiving ongoing technical advice and assistance from Australian Government agencies, including the Australian Signals Directorate and the Australian Federal Police.
  • The AFP has launched Operation Pallidus to investigate the Medibank Private data breach.

Advice to Medibank customers

  • All Australians and Australian organisations need to strengthen their cyber defences to help protect themselves against online threats.
  • If you think you may be affected by the recent Medibank Private cyber incident, AHM customers should contact 13 42 46 and for Medibank Private customers 13 23 31. Contact Medibank | Medibank

All consumers and businesses should look out for scams

  • Scammers will use the data breach and target people in any way that they can. This means you will likely notice an increased number of phishing emails, phone calls, and SMS or social media messages.
  • Be wary of new communications and don’t just accept what you’re being told. Take your time, do your research, and independently contact the purported business or agency communicating with you, using contact details you have sourced yourself, for example through searching for the business or agency online.
  • Do not click any links or open any attachments.
  • Never provide anyone with your personal or banking information or grant remote access to your device.
  • Check the login activity for your accounts and sign out of unrecognised devices (Microsoft, Gmail, Yahoo, AppleID, Facebook)
  • Check your social media accounts, update passwords and do privacy and security checks