Trading in shares of Medibank was halted yesterday until further notice with the company confirming that it has received messages from a group claiming to have obtained customer data through the recently announced cyberattack.
Medibank said the group wishes to "negotiate with the company regarding their alleged removal of customer data," indicating a potential ransom demand.
"This is a new development and Medibank understands this news will cause concerns for customers and the protection of their data remains our priority," said the company.
"Medibank is working urgently to establish if the claim is true, although based on our ongoing forensic investigation we are treating the matter seriously at this time.
"As a health company providing health insurance and health services, Medibank holds a range of necessary personal information of customers.
"Medibank systems have not been encrypted by ransomware, which means usual activities for customers continues," it said.
CEO David Koczkar said, “I apologise and understand this latest distressing update will concern our customers."
“We have always said that we will prioritise responding to this matter as transparently as possible.
“Our team has been working around the clock since we first discovered the unusual activity on our systems, and we will not stop doing that now.
“We will continue to take decisive action to protect Medibank customers, our people and other stakeholders.”