Helpful resources and advice on protecting your information and being vigilant to scams.
Steps you can take to protect yourself
We urge you to be vigilant to scams and take extra precautions to stay safe.
Be alert for any phishing scams that may come to you by phone, post or email
Scammers can pretend to be from Medibank, ahm, financial institutions, telecommunications carriers, government, or other brands and service providers.
ahm will never contact you to demand money, ask for your password or sensitive information, or attempt to call you outside of business hours unless by prior arrangement.
Verify any communications you receive to ensure they are legitimate
Pay attention to the sender of any communications you receive. Instead of clicking links within emails or text messages, visit the organisation’s website or app for more information.
Do not open texts or emails from unknown or suspicious numbers or email addresses
If you receive any suspicious emails or texts, please report them to ScamWatch.
Do not provide personal or credential information
ahm will never contact you requesting passwords or other sensitive information.
Monitor your bank accounts for any unusual or fraudulent activity
While we believe credit card or banking details have not been accessed, we recommend staying vigilant to fraudulent transactions.
Change your passwords regularly with ‘strong’ passwords
Where available, activate multi-factor authentication on any online accounts you have.
What to do if you have been scammed
If you have engaged in a scam, it’s important to act quickly.
Financial information
If you believe you have been scammed and supplied financial information including your credit card, debit card or bank account information, reach out to your bank straight away to report this.
Personal information
If you have provided other personal and/or credential information, please complete the IDCARE Get Help form to get help.
Report suspicious activity
If a person contacts you threatening to release your data unless payment is made, please report this immediately to ReportCyber or on 1300 292 371.
To report a scam, please do so via ScamWatch. If there is an imminent threat to your safety call Triple Zero.
For more advice on what to do if you suspect you've been scammed, use the Australian Cyber Security Centre's Have you been hacked? interactive tool.
More information from the Australian government
The government has issued a fact sheet about this cybercrime event and the steps you can take to safeguard your data.
What are the risks of the stolen data and what can I do about it?
What are the risks?
Names, addresses and phone numbers are generally publicly available information and do not pose a high risk (except for those in vulnerable circumstances), but the information can be used for further phishing attacks to obtain more sensitive data. ACMA recently introduced new rules for telcos that enforce stronger customer identity checks for SIM-swap requests, which makes it harder for scammers to take over a mobile number.
What you can do?
Be alert for any phishing scams that may come to you by phone, post or email. This might include unsolicited calls asking for personally identifiable information, such as your date of birth. Scammers will often pretend to be from your bank or other well-known organisations, but real companies and institutions will never call you out of the blue and ask for personal information. To report a scam, please email us at scaminvestigations@ahm.com.au and/or go to Scamwatch.
What are the risks?
On its own a stolen email address is a low risk and may result in you receiving increased spam activity. When coupled with your name and other personally identifiable information, there is an increased risk of targeted spam (spear phishing) and social engineering.
What you can do?
Be extra vigilant when checking emails and verify the sender before clicking on any links. If an email looks suspicious, delete it. Update your ahm online member services password with a strong password or passphrase. Set up multi-factor authentication where possible and read about how to recognise scams from the Australian Cyber Security Centre government website.
What are the risks?
Date of birth is a key data point and many companies use this as one of the security questions to confirm your identity. Combined with your name, address and phone number, scammers may attempt to access and/or create online accounts in your name.
What you can do?
Hide your birthday on your social media accounts to reduce any further risk. Keep an eye on your bank and other financial accounts for any unusual or fraudulent activity and do not provide personal or credential information to anyone who has contacted you. Read about how to recognise scams from the Australian Cyber Security Centre government website.
What are the risks?
Services Australia has advised that someone cannot access your Medicare details with just your Medicare card number. However, combined with other personal information (such as full contact details, passport number, etc.), it can place you at higher risk of misuse.
Services Australia has also put in additional security measures to protect your Medicare details.
What you can do?
If you’ve confirmed your Medicare details have been exposed and are concerned, you can request a replacement card with a new Medicare number using your Medicare online account through myGov. More information can be found on the Services Australia website.
Scammers may try to use passport numbers to gain access to accounts where it’s used as a form of verification, such as attempts at SIM swaps (porting your mobile number to another SIM card) or opening a new financial account. However, the passport number alone without the expiry date or copy of the document poses a low risk. ahm does not collect primary identity documents for resident customers except in exceptional circumstances.
What you can do?
The Department of Home Affairs has advised that since only the passport number and not the expiry date or copy of the passport was compromised, it is unlikely that you will need to replace your passport. Without the passport expiry date, the likelihood of fraud from the passport number alone is limited.
We do understand that you may still want to replace your passport, which is why we are offering to reimburse you for the cost of doing so.
To be eligible for passport reimbursement:
- You must have provided us with your passport number
- The passport number we have on record for you must be current.
Please contact us on 134 246 (from within Australia) or +61 2 4221 8888 (from outside Australia) to confirm you are eligible for a government ID reimbursement as part of our Cyber Response Support Program.
Before you take any action, we recommend that you refer to your government’s official passport website or issuing authority for advice. We also recommend you check that you provided us with your passport number.
What are the risks?
Scammers may attempt to use sensitive medical history information for blackmailing purposes. Your health information in the wrong hands may lead to discrimination and threats. The Australian Federal Police have said law enforcement will take swift action against anyone attempting to benefit, exploit or commit criminal offenses using stolen ahm customer data.
What you can do?
If a person contacts you threatening to release your personal information unless payment is made, please report this immediately to the Australian Cyber Security government website at ReportCyber
What are the risks?
Customer banking and credit card details were not accessed in the cybercrime.
What you can do?
There's no need for any additional action at this time. If you are concerned, we recommend you monitor your accounts for any unusual activity.
What are the risks?
Not accessed. ahm does not collect primary identity documents for resident customers except in exceptional circumstances.
What you can do?
There's no need for any additional action at this time.
What are the risks?
Customer health claims data for extras were not accessed in the cybercrime.
What you can do?
There's no need for any additional action at this time.
Cybercrime support and advice
Our dedicated Cyber Response Support Program includes practical and emotional support for current and former customers who have been affected by this crime.
Guard
Avoid or handle identity theft, and manage scams that may be related to cybercrime.
Support
Manage the mental health and wellbeing impacts of the cybercrime.
Protect
Protect yourself from the risks of cybercrime.
More about our Cyber Response Support Program