Medibank data breach

After a few days’ silence, Medibank came back and announced that the data breach was much worse than they initially thought. It now seems that the hackers had gained access to the personal details (name, address, contact details and Medicare numbers) and claims records of all Medibank policyholders, not just the international student and ahm customers.

Once again, the company has reiterated that its systems remain operational, and (unlike Optus) there is no suggestion that Medibank was storing information that it should have deleted.

Clearly, it is upsetting for customers, and we would expect a small number of customers to change providers over this breach. And there will be costs associated with fixing the security holes; the fact that it took Medibank, their IT security consultants and the government team several days to determine the extent of the breach indicates that the hackers were able to cover their tracks fairly well, so these changes will likely take some time. The company is still determining what data has been accessed but has announced various support measures for customers.

But the operational results remain positive: costs were well managed, claims are tracking below expectations and policyholder growth has been above forecasts. Combined with higher returns on float, the underlying business remains strong.

At the time of writing the stock had fallen by $0.57, or about 16%, putting it back to slightly below where it was in June. This is a strong reaction, arguably an overreaction, and we will continue to watch the stock and consider its place in the portfolio as we enter AGM season.

Something else to be mindful of is that many other companies have been affected by data breaches, and it is likely that there are many more that are not reported so prominently. Increased spending on IT security will be a feature of many businesses with large customer bases over the next few years.

Important Information: This document has been prepared by Aequitas Investment Partners ABN 92 644 165 266 (“Aequitas”, “our”, “we”), a Corporate Authorised Representative (no. 1284389) of C2 Financial Services, (Australian Financial Services Licensee no. 502171), and is for distribution within Australia to wholesale clients and financial advisers only.

This document is based on information available at the time of publishing, information which we believe is correct and any opinions, conclusions or forecasts are reasonably held or made as at the time of its compilation, but no warranty is made as to its accuracy, reliability or completeness. To the extent permitted by law, neither Aequitas nor any of its affiliates accept liability to any person for loss or damage arising from the use of the information herein.

Please note that past performance is not a reliable indicator of future performance.

General Advice Warning: This document has been prepared without taking into account your objectives, financial situation or needs, and therefore you should consider its appropriateness, having regard to your objectives, financial situation and needs. Before making any decision about whether to acquire a financial product, you should obtain and read the relevant Product Disclosure Statement (PDS) or Investor Directed Portfolio Service Guide (IDPS Guide) and consider talking to a financial adviser.

Taxation warning: Any taxation considerations are general and based on present taxation laws and may be subject to change. Aequitas is not a registered tax (financial) adviser under the Tax Agent Services Act 2009 and investors should seek tax advice from a registered tax agent or a registered tax (financial) adviser if they intend to rely on this information to satisfy the liabilities or obligations or claim entitlements that arise, or could arise, under a taxation law.