Medibank data breach

Finally got the email [1] from Medibank saying that my old membership data with them was stolen by cyber criminals.

Screenshot of an email with the heading ‘An important update from Medibank’.

The email reads: “Dear Ameel, We’re deeply sorry to inform you that some data relating to your former membership has been stolen in the recent cybercrime event. This email details what specific membership data was stolen, outlines actions you can take to safeguard your online identity, and the services available through our Cyber Response Support Program”.

The email then goes on to list what categories of data have and have not been stolen. The data stolen is name, gender, date of birth, email, address, phone number, policy number, and passport number. The data not stolen is credit card and banking details, and health claims data.

I left Medibank in 2009 so, with the exception of my name, gender, and date of birth [2], all the other data they have one me is now outdated and irrelevant.

And while it’s not great that various cybercriminals now have this data, in the broader scheme of things ‘tis but a flesh wound. After all, there’s not much that cybercriminals can do with a single old residential address, an old pre-paid phone number, and an expired Pakistani passport number :)

(Why Medibank kept all my customer data thirteen years after I closed my account with them is a whole other issue, of course. *sigh*)


[1] I got the email from them on 15 November 2022.

[2] You can find all this about me using open-source intelligence gathering anyway — like by looking through my social media feeds and seeing when my friends have wished me ‘happy birthday’, for example.