Medibank CEO: Rejecting Ransom Demand “Right Thing To Do”
Medibank’s CEO David Koczkar has declared that Medibank will remain firm on its refusal to pay a ransom to criminals who stole over the records of 9.7 million customers.
“There is no doubt that rejecting the ransom demand was the right thing to do,” Koczar told investors at the private health insurer’s annual meeting this morning.
“This is a watershed moment for our community – a harsh reminder of the new frontier in cybercrime that we all face.
“While we unreservedly apologise for the impact of the release of the data, we cannot as a community, pay criminals who are likely to continue to extort us all – particularly when there is no guarantee that the criminal would ever delete the data.
“As I’ve said before, you cannot trust a criminal.”
The breach has since been confirmed to include personal records of a further 900 current and former employees.
Medibank incurred $35 million of costs for the December half relating to the breach. These costs don’t include any future regulatory fines or legal costs.
The insurer also withdrew its FY23 outlook, given this uncertainty, and will provide a further update with its half-year results in February.
Medibank chairman Mike Wilkins also apologised.
“It has caused distress and concern for many of our customers, our people and for you, our shareholders – many of whom I know are also customers.
“I unreservedly apologise to every person for the significant impact of this crime. It is a despicable act by the criminal seeking to extort payment based on the privacy concerns of our customers and must be condemned in the strongest possible terms.”