“We will announce that we will release the next portion of data on Friday, bypassing this week entirely in the hope that something significant happened on Wednesday.”
Koczkar said the company’s determination has not faltered after the steady leaks of sensitive customer data.
“While we unreservedly apologize for the impact of making the data public, as a community we cannot pay criminals who will likely continue to blackmail us all – especially when there is no guarantee the criminal would ever delete the data.” As I said before, you can’t trust a criminal.”
Koczkar also reiterated that Medibank’s current response to the crisis would cost up to $35 million for the December half. This does not include other potential customer and other remedial, regulatory or litigation costs.
Wilkins apologized to investors and customers in his speech.
“This has caused grief and concern to many of our customers, our employees and you, our shareholders – many of whom I know are also customers,” he said.
“I offer my unreserved apologies to each person for the significant impact of this crime. It is a despicable act by the criminal who is attempting to extort payments over our customers’ privacy concerns and must be condemned in the strongest terms.”
Wilkins said the board will continue to invest in mitigating those risks, noting that major shareholders and advisers supported the board ahead of the expected fiery meeting with shareholders who could question directors and executives about the attack.
The data was stolen by hackers in October. Medibank announced last week that it had denied hackers’ demands to pay a ransom in return for not declassifying it. The ransomware group suspected of being behind the attack then began releasing tranches of stolen Medibank data to the dark web.
Proxy advisors have warned that Medibank Private executives and board will be held accountable for the catastrophic cyberattack that exposed customers, but the private health insurer’s top executives won’t face a strike today over its compensation report.
Deputy Investment Advisors ISS and CGI Glass Lewis are urging investors to support all resolutions at the meeting, including the Compensation Report and Koczkar’s Performance Incentive. As part of his $3.76 million compensation last year, he received more than $2 million in short-term incentives and performance rights.
The shareholders seemed to agree. Medibank released proxy details prior to the final vote on the resolutions and showed overwhelming support for all items on the agenda.
However, while CGI Glass Lewis has recommended that all directors be re-elected on Wednesday to ensure the group has a stable board to respond to “rapid developments”, it has indicated that a board renewal is required in the coming year could be, and the spectrum has been increased from executive pay “clawbacks” to account for all the flaws that allowed the attack to be so damaging.
The hacking incident escalated again Monday when this legal notice revealed that employee data was also hacked, potentially opening up new vulnerabilities for Medibank’s computer systems.
The theft was part of the same hack that acquired data on all of its 9.7 million current and former customers, including sensitive health information from about 500,000 policyholders.
The Australian Federal Police are stepping up efforts to contain the hack’s fallout as evidence emerges that the sensitive health data leaked by the criminals is becoming more publicly available.
“The Australian Federal Police are aware of the data on new websites and will look into it,” a spokeswoman for Medibank Private said when asked.
#Medibank #chairman #companys #cybersecurity #robust