headline

Group threatens to sell Medibank customer data after 'cyber incident'

The group allegedly responsible for Medibank's "cyber incident" has threatened to sell customer data unless the insurance company pays a ransom.

Medibank said it received messages from a group wishing to negotiate with the provider "regarding their alleged removal of customer data".

"This is a new development and Medibank understands this news will cause concerns for customers and the protection of their data remains our priority," Medibank said in a statement.

READ MORE: The Sydney suburbs with the worst pothole problems

Medibank is being sued by the ACCC.

"Medibank is working urgently to establish if the claim is true, although based on our ongoing forensic investigation we are treating the matter seriously at this time."

Medibank remains operational and said no ransomware attacks have happened yet.

Today the health insurer halted trading on the Australian Stock Exchange as a result of the threat.

"Medibank has entered into a trading halt, to ensure that it meets its continuous disclosure obligations. The trading halt will continue until further notice," Medibank said.

Medibank shares last traded at $3.50.

It is the second time in a week the provider has been forced to stop trading.

READ MORE: Aussie top guns headhunted by China

Generic image of Medibank, Bourke Street, Docklands.

The insurer added it is working with cyber security firms and the Australian Cyber Security Centre to get to the bottom of the cyber incident.

"I apologise and understand this latest distressing update will concern our customers," CEO David Koczkar said.

"We have always said that we will prioritise responding to this matter as transparently as possible.

"Our team has been working around the clock since we first discovered the unusual activity on our systems, and we will not stop doing that now.

"We will continue to take decisive action to protect Medibank customers, our people and other stakeholders."

READ MORE: Study finds worrying news for people who sleep less than five hours

https://twitter.com/_rockrit/status/1582610550110179328

Medibank announced last week it had been hit by a "cyber incident" but reassured customers their personal data remained safe.

No such reassurance was provided by the health insurer to customers today.

The incident comes just weeks after the major Optus hack which exposed at least 2.1 million personal identification numbers.