Medibank chairman Mike Wilkins also apologised to investors and customers in his speech.
“It has caused distress and concern for many of our customers, our people and for you, our shareholders – many of whom I know are also customers.
“I unreservedly apologise to every person for the significant impact of this crime. It is a despicable act by the criminal seeking to extort payment based on the privacy concerns of our customers and must be condemned in the strongest possible terms.”
Wilkins said the board will continue to invest in mitigating these risks and indicated that major shareholders and advisors have shown support for the board ahead of what is expected to be a fiery meeting with shareholders get to question the board members and executives about the attack.
The data was stolen by hackers in October. Medibank revealed last week it had rejected hacker demands that it pay a ransom in return for it not being released. The ransomware group suspected to be behind the attack then began releasing tranches of stolen Medibank data on the dark web.
Proxy advisers have warned that Medibank Private’s executives and board they will be held accountable for the catastrophic cyberattack which exposed customers, but the private health insurer’s top managers won’t be facing a strike against its remuneration report today.
Proxy investment advisors ISS, and CGI Glass Lewis, are telling investors to support all resolutions at the meeting, including the remuneration report and performance incentives for Koczkar. He received more than $2 million worth of short-term incentives and performance rights as part of his remuneration of $3.76 million last year.
However, while CGI Glass Lewis has recommended all directors be re-elected on Wednesday to ensure the group has a stable board to respond to “rapid developments,” it flagged board renewal and executive scalps may be needed over the coming year and raised the spectre of executive pay ‘clawbacks’ to account for any shortcomings that allowed the attack to be so damaging.
The hacking incident escalated again on Monday when this publication revealed that employee data was also hacked, which potentially opens up new vulnerabilities for its computer systems.
The theft was part of the same hack that acquired data on all 9.7 million current and former customers, including sensitive health information on about 500,000 policyholders.
The Australian Federal Police are stepping up efforts to contain the fallout of the Medibank hack amid emerging evidence that the sensitive health data leaked by the criminals is becoming more publicly available.
“The Australian Federal Police are aware of data on new sites and will be addressing it,” a Medibank Private spokeswoman said in response to inquiries.
The Business Briefing newsletter delivers major stories, exclusive coverage and expert opinion. Sign up to get it every weekday morning.