A statement from Medibank released on Wednesday afternoon says it was contacted by a group that expressed “wishes to negotiate with the company regarding their alleged removal of customer data”.

“Medibank is working urgently to establish if the claim is true, although based on our ongoing forensic investigation, we are treating the matter seriously at this time,” a spokesperson said.

The company’s customer systems are currently up and running as they are not infected with ransomware, although Medibank expects temporary disruptions as investigations continue.

Medibank chief executive David Koczkar has apologised to customers.

“Our team has been working around the clock since we first discovered the unusual activity on our systems, and we will not stop doing that now,” he said.

The health insurer alerted customers on October 11 that it had been hit by a cyber attack, however said at the time that customer information hadn’t been accessed.

However, Medibank informed customers and shareholders of the “new development” that sensitive data may have been accessed.

“Medibank understands this news will cause concerns for customers and the protection of their data remains our priority,” a spokesperson said.

Medibank says it has 3.9 million customers across its brands.

“We will continue to take decision action to protect Medibank customers, our people and other stakeholders,” Mr Koczkar said.

The company has entered its second trading halt over the incident “to ensure that it meets its continuous disclosure obligations”.

Shares were trading at $3.50 before the action was taken.

The trading halt will remain “until further notice”.

More to come.