Late on Wednesday, Home Affairs Minister Claire O’Neill said that while the facts were continuing to be established, she had already called in Australian Signals Directorate and the Australian Federal Police.

“Medibank is co-operating with government in responding to this incident,” Ms O’Neill said.

The company had told the ASX last Thursday that it had detected “unusual activity in its network”, but added there was no evidence any sensitive data had been taken. It repeated that assurance in a statement on Monday.

However, Medibank – the largest health insurer in the country – has confirmed it has received messages from “a group that wishes to negotiate with the company regarding their alleged removal of customer data”.

Attributed to the group – but unverified – are threats to sell the information to third parties and to contact Medibank customers directly to authenticate that the data has been accessed. Because Medibank is a health insurer, it collates large amounts of data including on the health of customers.

In a statement on Wednesday, Medibank said it was “working urgently to establish if the claim is true, although based on our ongoing forensic investigation we are treating the matter seriously”.

“As a health company providing health insurance and health services, Medibank holds a range of necessary personal information of customers,” the company said.

Medibank subsidiary ahm also noted the incident, saying usual activities for customers would continue but its system response may cause temporary service disruptions.

Trading of Medibank shares was paused on Wednesday morning before a halt was put in place in the early afternoon. It is the second halt in a week after Medibank disclosed the original incident on October 13. At the time, it disclosed unusual activity in its AHM and international student policy management systems, which were taken offline as a precaution.

The current Medibank trading halt will continue until further notice, and the company has advised the cyber security agencies.

The breach would be the third to affect a major local corporation since September. Information relating to almost 10 million Optus customers – including some Medicare numbers – was accessed last month, and the telco has brought in Deloitte to conduct an investigation into its security systems.

A hacker had claimed responsibility for that breach, demanding a $US1m ($1.6m) ransom before seemingly deleting the stolen data and apologising to customers.

“Too many eyes. We will not sale data to anyone. We cant (sic) if we even want to: personally deleted data from drive,” the user of a popular online data breach forum wrote in late September. “Sorry too (sic) 10,200 Australian whos data was leaked.” The apology came after the user posted 10,000 customer records online.

The Office of the Australian Information Commissioner and Australian Communications and Media Authority are reviewing why Optus had kept such extensive data on its customers.

MyDeal, a subsidiary of shopping centre chain Woolworths, also disclosed an incident late on Friday, although it says no Medicare or other government data was accessed in the breach.

In a statement on Wednesday, Medibank chief executive David Koczkar said the company had been “working around the clock” since it detected unusual activity in its systems.

“I apologise and understand this latest distressing update will concern our customers,” he said.

“We have always said that we will prioritise responding to this matter as transparently as possible. Our team has been working around the clock since we first discovered the unusual activity on our systems, and we will not stop doing that now.

“We will continue to take decisive action to protect Medibank customers, our people and other stakeholders.”

Medibank shares rose 0.5c, or 0.1 per cent, before being halted at $3.50 on Wednesday. On Monday, Medibank said it did not expect the “disruption” to derail its earnings guidance.

Its core health insurance division delivered a net profit to June 30 of $592.6m, up 10 per cent, and revenues of $6.86bn.

Angelene Falk, the Australian Information Commissioner, said the Optus breach was a “significant incident that is of great concern to millions of Australians”.

“All organisations need to assess the risk a data breach poses to compromising their own customers’ data and ensure additional safeguards are in place,” Ms Falk said.

Medibank said it will share technical information with rival funds to “help others understand how this incident transpired and to allow our industry peers to bolster their own defences”.

More Coverage

‘No evidence’ of breach as Medibank restores systems

Jared Lynch

Medibank reaches out to cyber security agencies after attack

JARED LYNCH

More related stories

Companies

Insurance and inflation a painful combination

Insurers have been racing to keep ahead of the costs they now face to rebuild a house or repair a car. That’s starting to change.

Read more

Aviation

Qantas chases Virgin Australia’s Tokyo Haneda slots

Qantas wants the valuable Tokyo Haneda Airport slots being handed back by Virgin Australia which experienced poor demand for its flights from Cairns.

Read more