I've been receiving the mails, as a medibank member and whilst they beg questions I would agree they represent reasonable, and open, honest statements of what is known, as the problem emerges.<p>I'm not happy, but I am probably not "that's it: I'm changing health fund" unhappy. I want to see what remediation they offer, and what harms flow from the leak. So far, it's privacy invading. Which sucks, but the likelihood of identity theft from this information leak isn't clear to me yet (it's possible medicare identity can be part of the australian 100pts test and so it may have significant risk of abuse, and I might (if one of the affected people) be seeking re-issuance of my medicare number, at their expense.)<p>Compared to the Optus data leak, I don't know what I think. Medibank is a privatised health fund formerly run by the government and subsequently fully privatised. I like former state enterprises, when it comes to choosing private providers, purely personal reasons. I expected better of them frankly, than to implement weak barriers to attack regarding intensely private data like my health records.