A cyberattack that resulted in the theft of personal data from almost half of all Australians will not be the last incident of its kind, the Prime Minister warned.
Electronic prescription provider MediSecure announced on Thursday that the data of 12.9 million customers had been stolen and an unknown amount had been uploaded to the darknet.
Prime Minister Anthony Albanese said the government was working with the Australian Federal Police and the private sector to address national security and privacy concerns.
“This is a very significant cyber event,” Albanese told reporters in Cairns on Friday.
“It is not the first and it will not be the last.
“We know that some state actors have been involved in cyber attacks, but we also know that criminal elements – both here and abroad – have been involved as well.”
Australians have been urged not to respond to unsolicited messages about the data breach as they may be scams.
Malicious actors have launched cyberattacks on various sectors in Australia.
Thousands of Western Sydney University staff fell victim to a data breach in May, less than a year after highly sensitive Victorian government information was stolen and leaked online.
The data of millions more Australians was compromised in attacks on Optus, Ticketmaster and Medibank.
Mr Albanese has called on Australians to be more aware of cyber threats.
MediSecure first became aware of the vulnerability on April 13, when suspected ransomware was discovered on a server containing sensitive personal and health data, and publicly confirmed the attack in May.
Australians who used the prescription delivery service from March 2019 to November 2023 were affected, the company said.
About 6.5 terabytes of data, including names, dates of birth, addresses, phone numbers, Medicare numbers, prescription information and reasons for taking medications.
A sample of the data was disclosed on the dark web, but MediSecure stated that due to the complexity of the data and the associated costs, it was not possible to identify the specific individuals affected.
The company appointed liquidators and entered insolvency proceedings in June.