Financial Services

Medibank hit with sell-offs as company says no data lost in cyberattack; no signs of ‘state-based’ actor

Mon 17 Oct 22, 1:17pm (AEST)
A laptop screen displays a pirate flag against an all-red background, reminiscient of screens victims of ransomware attacks may see when trying to use a compromised device
Source: Unsplash

Key Points

  • Medibank has today reassured the market no customer data was lost or stolen in a cyberattack detected last week
  • Medibank quietly buried in release there is no evidence the hack may have come from electronic military divisions of another country
  • Medibank also blocked access to international student customer database during attack

After issuing a trading halt last Friday, one day after the company revealed it had been hit with a cyberattack, Medibank (ASX:MPL) has today reported no customer data was lost in the incident and that business momentum will not be impeded. 

While Medibank was arguably dragged down by the broader market today, the -4.2% fall in lunchtime trades, which eclipsed falls on the S&P/ASX 200 Financials Index—down around -1%—suggests the stock is suffering from an overhang relating to last week's security breach.

Reuters forecast Asia Pacific markets would tank today as a contrarian rally witnessed last week failed to withstand into this week the USA’s 40-year high core inflation read. So, factor some of that in.

Medibank ultimately concludes today the cyberattack had all the calling cards of a ransomware attack and implies entities responsible attempted to install ransomware software onto its network, but ultimately failed. 

Sentiment will need time to regain confidence 

The fact of that failure has not done enough to recover sentiment for the stock at lunch. 

There is a geopolitical consideration hinted at in one line buried in Medibank’s announcement today: “there is no indication that the incident was caused by a state-based threat actor.”

If you’re reading in between the lines, they’re dogwhistling that the governments of China, Russia, and or North Korea were not involved; the three players most frequently suspected of state-sponsored cyber warfare attacks on Western companies. 

So, that’s good. 

Also worth noting is that the company says it immediately shut down its international student customer database once it identified unusual activity on its IT systems, in an “abundance of caution.” 

Why, exactly, Medibank ran to shut down its international student customer database, is not entirely clear.

What is a ransomware attack?

Ransomware attacks are a specific type of cyberattack wherein: 

  • An attacker gains access to a company’s network 

  • The attacker installs a program that encodes all company data, leaving it unreadable by company operators 

  • The company will then be given notice of a payment, usually in the millions of dollars, if it wants to get access to its own data back 

In one particularly high-profile incident, in May last year, NYSE-listed US energy player Colonial Pipeline was hit with a ransomware attack demanding lots of money in bitcoin in exchange for a return of the data. 

The move was not taken lightly. The US government response was so voluminous, in fact, the White House issued a fact sheet (read: press release) outlining all the steps it had taken to mitigate the situation. Even Homeland Security got involved, though, the incident didn’t really change the trajectory of Colonial’s share price in any meaningful sense. 

Intel on how incident occurred to become clear

“I thank our customers for their patience during this incident,” Medibank CEO David Koczkar said, “and ongoing investigations continue to show no evidence customer data has been removed.” 

“I would like to thank the Australian Cyber Security Centre, regulators and departments who supported our response.” 

“We will also share technical information with peers across the industry as part of our commitment to helping others understand how this incident transpired.” 

A look at Medibank's three month charts; one month returns are down -5%
A look at Medibank's three month charts; one month returns are down -5%


Written By

Jonathon Davidson

Finance Writer

Jonathon is a journalism graduate and avid market watcher with exposure to governance, NGO and mining environments. He was most recently hired as an oil and gas specialist for a trade publication.

Get the latest news and insights direct to your inbox

Subscribe free