Virgin Australia’s Customers Fall Victim to Medibank Cyber-attack

Virgin Australia’s Customers Fall Victim to Medibank Cyber-attack
A general view of the Virgin Australia Terminal at Perth Airport in Perth, Australia, on Jan. 8, 2021. Matt Jelonek/Getty Images
Alfred Bui
Updated:

Thousands of Virgin Australia customers have become the latest victims in the fallout of the massive data breach at Australian private health insurance provider Medibank.

On the evening of Nov. 9, Virgin Australia was informed by Medibank that several thousand of its Velocity Frequent Flyer membership numbers were leaked in the cyber-attack.

The airline immediately locked those accounts and later sent notices to impacted customers on the morning of Nov. 10.

“After being notified late yesterday, Virgin Australia is acting to protect a small number of Velocity Frequent Flyer membership numbers that may have been compromised as part of the Medibank cyber-crime event,” a spokesperson told The Epoch Times.

“As a precautionary measure, we have locked the accounts of impacted members.  We are notifying impacted members this morning and are in the process of creating new membership numbers for those members.”

Virgin Australia said around 2,800 members were affected by the incident.

Virgin Australia wide-body aircrafts are seen parked in the Brisbane Airport in Brisbane, Australia, on Aug. 5, 2020. (Albert Perez/Getty Images)
Virgin Australia wide-body aircrafts are seen parked in the Brisbane Airport in Brisbane, Australia, on Aug. 5, 2020. Albert Perez/Getty Images

While the impacted customers can still travel, access lounges and earn points, they are temporarily unable to redeem points and log in to their online accounts.

However, they will not be waiting long, as the airline said it would finish creating new membership numbers in the coming days.

The incident comes after Medibank refused to pay ransom to the alleged hackers following the data breach affecting 9.7 million current and former customers.
The hackers later allegedly posted hundreds of customers’ details, including their names, addresses and health condition, on the dark web and demanded the private health insurer pay US$10 million ($15.6 million), an equivalent of US$1 for each affected customer.

New Privacy Bill Imposes Tougher Penalties on Data Breaches

Meanwhile, a new privacy bill has passed the lower house of the Australian parliament.

Under the new bill, fines for data breaches will significantly increase from $2.2 million to either $50 million, 30 percent of a company’s turnover during the affected period, or three times the value of any benefit obtained through the misuse of personal information.

The amendment to the privacy laws will also grant the Australian information commissioner greater power to tackle privacy breaches and facilitate the sharing of information about data breaches to help affected customers.

Attorney-General Mark Dreyfus introduced the new bill to improve consumer data protection following the cyber-attack at phone and internet services provider Optus, which exposed the personal information of millions of customers.

The bill will now be moved to the upper house for further debate.

Alfred Bui
Alfred Bui
Author
Alfred Bui is an Australian reporter based in Melbourne and focuses on local and business news. He is a former small business owner and has two master’s degrees in business and business law. Contact him at [email protected].
Related Topics