Outrage as Medibank bosses handed huge bonuses despite cyberattack that exposed private medical information of millions including Prime Minister Anthony Albanese
- Medibank bosses to win bonuses worth $7.3m despite data breach
- The data breach bill is expected to cost between $35 million and $150 million
- Chairman Mike Wilkins says executive pay won’t be reviewed until next year
Medibank bosses will still take home bonuses worth $7.3 million despite a massive data breach that exposed the health records of nearly 10 million Australians, including Prime Minister Anthony Albanese.
The cleanup bill following the data breach is expected to cost between $35 million and $150 million, but executives will still keep their bonuses.
Chairman Mike Wilkins said executive pay would not be reviewed until next year after an external review of the attack is completed.
“That’s something we’ll consider for the year 2023 once we get the full survey results,” Wilkins said.
CEO David Koczkar took home bonuses worth $1.1 million in the last fiscal year, with a total salary of $2.59 million.
On Wednesday, executives stood by their call not to pay ransoms to Russian hackers who stole the personal data of millions of customers. But shareholders asked Mr Wilkins to explain why the health insurer did not take cybersecurity “as seriously as you should have” at the insurance giant’s annual general meeting.
Mr Wilkins said: “Medibank aims to fairly reward executives for implementing corporate strategy in a way that meets community and customer expectations and delivers sustainable returns to shareholders.”
The meeting comes a month after hackers stole the personal information of the insurer’s 9.7 million current and former customers.
The company confirmed to investors that the initial cost for the first half of the fiscal year would be $25 million to $35 million before accounting for legal and other fees.
A ‘rather disappointed’ shareholder asked if IT security would be part of the company’s recently announced external review, also wondering if the responsible executive would see his salary reduced.
Mr Wilkins said executive pay would be reviewed at the end of the next financial year, but pay would be tied to performance.
“The board is very conscious of the alignment between pay and results,” he said.
Medibank chairman Mike Wilkins faced cybersecurity questions at the company’s annual general meeting after the insurance giant was hacked with the private data of Australians exposed
A representative from the Australian Shareholders Association asked when specific responsibility would be taken for the breach, but Mr Wilkins said that would come after the review was completed.
The company has started contacting around 480,000 customers who it says had their health data stolen.
“Protecting our customers’ data is a responsibility we take very seriously and we will continue to support everyone affected by this crime,” Wilkins said in his opening remarks.
“There is no doubt that this crime has a huge impact on our customers and our community. It is a shocking crime, the size and scope of which we have never seen before.”
But Mr Wilkins said paying a $9.7 million ransom was never an option and would have supercharged the piracy industry.
“There was a limited chance that paying a ransom would secure the return of our customers’ data and prevent it from being released,” he said.
“The advice we got was that paying a ransom could have had the opposite effect and encouraged the criminal to extort our customers directly.”
The hackers had indicated they would watch the meeting before releasing another slice of stolen data.
“We will announce the next part of the data we release on Friday (sic), completely bypassing this week in hopes that something significant happened on Wednesday,” the hackers wrote in an update.
Mr Koczkar said the company had begun the “incredibly complex” process of contacting half a million customers whose sensitive data had been taken.
“This ongoing work continues and requires our teams to analyze millions of records across many applications and compare customer data from multiple sources,” he said.
A 100-officer cybercrime operation targeting hackers will be led by the Australian Federal Police and the Australian Signals Directorate.
Data including names, phone numbers, health insurance numbers and sensitive health information was taken by the hackers during the breach.