Fears for overseas students following Australian cyber breach

International students in Australia have been warned to be on their guard for fraudsters, after hackers invaded one of the country’s biggest medical insurers.

Medibank Private, one of five companies authorised to provide overseas student health cover (OSHC), revealed on 13 October that it had been the subject of a “cyber incident”. At the time it said there was no evidence that sensitive data had been accessed, and that customers could expect little inconvenience other than temporary disruptions as the international student policy management systems were taken offline.

That assessment changed a week later, with Medibank revealing that it had been contacted by a “criminal” claiming to have stolen 200 gigabytes of data. The extortionist had sent sample records from 100 policyholders, including international students, detailing their names, addresses, dates of birth, phone numbers, insurance details and medical histories.

The following week, the company said it had been sent a further 1,000 sample records. It has called in cybersecurity firms and the incident is under investigation by the federal police.

The education department has apprised international students of the “evolving situation”, warning them to “be alert for scams referencing this incident”. It advised them to secure their devices and accounts, monitor them for “unusual activity” and report any evidence of cybercrime.

Medibank is just one of the Australian corporations reported to have been hacked in recent weeks, alongside telecommunications giants Optus and Telstra, retailer Woolworths, utility EnergyAustralia, wine dealer Vinomofo and pathology chain Medlab. Collectively, private details of as many as one in two Australians are thought to have been seized.

The Medibank incident is considered one of the worst because the hackers obtained sensitive medical information. International students are a favourite target of fraudsters because they lack familiarity with local services and some are instinctively fearful of police and other authorities.

Some 166,000 reported scams in Australia netted their perpetrators at least A$1.8 billion (£1 billion) last year, according to the latest Scamwatch report from the Australian Competition and Consumer Commission. Ruses involving threats of arrest or physical harm, which are often deployed against foreign students, reportedly cost their victims A$11 million.

The hacking incident could exacerbate international students’ grievances over their treatment by Australia. OSHC, which they are required to purchase as a visa condition, essentially guarantees the same level of coverage that locals enjoy for free from the national health insurance programme Medicare.

Medibank is contacting affected customers including international students to offer guidance, and has established specialised teams to help those targeted by scams. It has announced support including free identity monitoring services, reimbursement of fees for reissue of identity documents, and a hardship package for victims in “uniquely vulnerable positions”.

john.ross@timeshighereducation.com