Sydney
Australia's biggest health insurer, Medibank Private Ltd, revealed on Wednesday that a cyber hack had compromised data of all of its nearly four million customers. It also said finances worth A$25 million to A$35 million ($16 million to $22.3 million) have also taken a hit in the first-half earnings.
The breach was reported earlier this month and the company at that time had not reported how many customers had been affected, or the financial ramifications of it.
But on Wednesday it said that all personal and significant amounts of health claims data of all its customers were compromised in the breach. Shares also fell more than 14 per cent, its biggest one-day slide since listing in 2014.
Also Read | Australia's biggest health insurer Medibank reports huge data breach
Medibank covers around one-sixth of Australians and it said the estimated cost did not include further potential remediation or regulatory expenses.
"Our investigation has now established that this criminal has accessed all our private health insurance customers' personal data and significant amounts of their health claims data," chief executive David Koczkar said in a statement.
"I apologise unreservedly to our customers. This is a terrible crime â this is a crime designed to cause maximum harm to the most vulnerable members of our community."
The company reiterated that its IT systems had not been encrypted by ransomware. It said that it will continue to monitor for any further suspicious activity.
"Everywhere we have identified a breach, it is now closed," John Goodall, Medibank's top technology executive, told an analyst call on Wednesday.
The country has been hit by several cyber attacks in recent times, sending warning bells for the government and corporate sector. The country's No. 2 telco, Singapore Telecommunciations Ltd-owned Optus, suffered a similar data breach where about 10 million customer accounts were exposed.
The hacker demanded random to keep the data safe, which he later withdrew over concerns about publicity.
The government has meanwhile said it would introduce fines of up to A$50 million for companies on the receiving end of data breaches.
(With inputs from agencies)