Medibank says it will not make a ransom payment to the criminal responsible for the data breach.from cybercrime experts we believe there is only a limited chance paying a ransom would ensure the return of our customers’ data and prevent it from being published,” said Medibank CEO David Koczkar.
Medibank says it won’t pay the ransom because there is only a small chance that the stolen data would be returned.“In fact, paying could have the opposite effect and encourage the criminal to directly extort our customers, and there is a strong chance that paying puts more people in harm’s way by making Australia a bigger target.”
Medibank said it believed that all of the customer data accessed could have been taken by the criminal. The company continues to work with the Australian government, including the Australian Cyber Security Centre and the Australian Federal Police. Medibank added that normal business operations had been maintained, and no further suspicious activity inside its systems had been detected since 12 October 2022.and continue to strengthen our ability to safeguard our customers.”