This week,the criminals declared that no further information would be released until Friday,indicating they would be watching the shareholder meeting with interest.
“There is some more records for everybody to know,” they wrote in a blog update.
“We’ll announce,that next portion of data we’ll publish at Friday,bypassing this week completely in a hope something meaningful happened on Wednesday.”
Koczkar said the company’s resolve had not diminished after the steady leak of sensitive customer data.
“While we unreservedly apologise for the impact of the release of the data,we cannot as a community,pay criminals who are likely to continue to extort us all – particularly when there is no guarantee that the criminal would ever delete the data. As I’ve said before,you cannot trust a criminal.”
Koczkar also warned that customers and media should not take the material published by hackers as fact.
“This is a complicated process. The data that’s actually on the dark web is sometimes not accurate. It’s not complete,” he said.
“We need to make sure we match the data back to the data in our systems to make sure that we communicate very clearly.”
He reiterated that Medibank’s current response tothe crisis would incur costs of up to $35 million for the December half. This does not include further potential customer and other remediation,regulatory or litigation-related costs.
Wilkins apologised to investors and customers in his speech.
“It has caused distress and concern for many of our customers,our people and for you,our shareholders – many of whom I know are also customers,” he said.
“I unreservedly apologise to every person for the significant impact of this crime. It is a despicable act by the criminal seeking to extort payment based on the privacy concerns of our customers and must be condemned in the strongest possible terms.”
Wilkins said the board would continue to invest in mitigating these risks and indicated that major shareholders and advisers had shown support for the board.
Ahead of the meeting,proxy groups CGI Glass Lewis flagged that board renewal and executive scalps may be needed over the coming year and raised the spectre of executive pay “clawbacks” to account for any shortcomings that allowed the attack to be so damaging.
The hacking incident escalated again on Monday when this masthead revealed thatemployee data was also hacked,potentially opening up new vulnerabilities for Medibank’s computer systems.
Loading
The Australian Federal Police are stepping up efforts to contain the fallout of the hack amid emerging evidence that the sensitive health data leaked by the criminals is becoming more publicly available.
The Business Briefing newsletter delivers major stories,exclusive coverage and expert opinion.Sign up to get it every weekday morning.