The ransomware group has posted the details of hundreds of Australian customers so far, under a ‘good-list’ and ‘naughty-list’.

It comes after Medibank CEO David Koczkar said on Monday that there was only a limited chance that paying a ransom would prevent customers’ data being published.

Here’s what you need to know and the steps you should take if you are a Medibank customer.

WHAT SHOULD I DO?

Customers have been urged to “remain vigilant” as their data may be published online and the hackers may attempt to contact them directly.

You should replace their Medicare card, which can be done online through MyGov.

It’s important to secure devices and monitor both devices and accounts for “unusual activity”, making sure all the latest security updates have been installed.

Be alert for phishing scams via phone, post or email and ensure that you verify any communication to ensure it is legitimate.

It is also vital that customers avoid opening texts from unknown or suspicious numbers.

DO I NEED TO CONTACT MY BANK?

If you are concerned your identity has been compromised or you have been a victim of a scam, contact your bank immediately and call IDCARE on 1800 595 160.

WHO IS AFFECTED BY THE HACK?

The company believes the personal details of 9.7 million current and former customers were accessed by the hackers.

These current and former customers include 5.1 million Medibank customers, 2.8 million ahm customers and 1.9 million international customers.

WHAT INFORMATION WAS ACCESSED?

For Medibank customers who are Australian residents, customer names, date of births, addresses, phone numbers and email addresses are believed to have accessed by the criminal.

It is believed health claims data for 160,000 Medibank customers has been obtained.

Medibank believes ahm customers’ names, date of births, addresses, phone numbers, email addresses and Medicare numbers have been accessed by the hacker.

The hackers are believed to have accessed the passport numbers and visa details of international student customers.

The names, date of births, addresses, phone numbers, email addresses of international students have also been accessed by the hackers.

WHAT IS MEDIBANK DOING?

A Medibank cybercrime customer support package has been set up for affected customers.

It includes financial support and access to specialist identity protection advice and resources from IDCARE.

The package includes free identity monitoring services for customers who have had their primary ID compromised and reimbursement of fees for reissue of identity documents.

WHAT DO I NEED TO SET UP?

It is essential that customers change their passwords and activate multi-factor authentication on online accounts.

WHO DO I CALL IF I NEED ADVICE?

Those affected can call the cybercrime health and wellbeing line. Customers can speak to counsellors who have experience supporting victims of crime (call 1800 644 325, Medibank international students 1800 887 283 and ahm international students 1800 006 745).

WHAT ABOUT OTHER SUPPORT?

Customers who are uniquely vulnerable or in need of hardship support can call 13 23 41 for Medibank, 13 42 46 for ahm and 1800 081 245 for MHH patients.

WHO CAN I TALK TO GET TO MORE INFORMATION?

Medibank customers seeking further information on the data hack and available support services can contact 13 23 31, while ahm customers can contact 13 42 46.

More Coverage

Meghan reveals secret code used to call her the ‘B-word’

Justin Vallejo, Zoe Smith

Plunged into darkness, Ukraine vows to ‘shoot down’ enemy

Justin Vallejo, Tiffany Bakker, Merryn Johns, Zoe Smith

Originally published as Medibank hack: What customers need to do next