On 20 October 2022, Medibank Private Limited (Medibank Private) released a statement advising that it had been contacted by a criminal who claimed to have stolen Medibank Private and AHM data. The data includes names and addresses, dates of birth, Medicare card numbers, policy numbers, phone numbers and some claims data.

The criminal group began releasing Medibank data on the dark web in the early hours of Wednesday 9 November 2022. The information released includes customers’ identities and health-related personal information. Medibank recently warned customers it expected more stolen information to be released by the criminal group. For more information and updates check Medibank’s cyber security page and Scamwatch’s Medibank article.

If you think you may be affected by the recent Medibank Private data breach, you can contact Medibank for support.

Watch out for related scams

Please be aware that as the stolen data is released on the dark web, other criminal groups may use this information to try to scam Medibank customers.

If you’re a Medibank customer, you can expect to receive an increased number of phishing emails, phone calls, SMS or social media messages, or other types of scam attempts.

Please be aware that there are multiple types of scams so be careful!

For more information on types of scams and how to protect yourself from them, visit Scamwatch.

If you are a victim of a scam, please contact the police. If you need relevant legal support, you can contact SUPRA Legal Service.

Please feel free to share this article to help more people stay away from scams.


This information is current as at November 2022 and is intended as a guide to the law as it applies to people who live in or are affected by the law as it applies in NSW. It does not constitute legal advice.