Medibank hackers dump remaining customer data

Medibank refuses to pay $15m ransom

The hackers behind the Medibank data breach claim they have dumped the remaining customer information they stole from the health insurer on the dark web.

Medibank reported the breach on October 13 and the Russian ransomware group has been releasing customer information in a staged manner on the dark web since early November.

“Happy Cyber Security Day!!! Added folder full. Case closed,” the hackers posted overnight.

But unlike previous data dumps they did not provide active file names or links. Earlier links are also inactive. As well, the hackers’ blog had been inactive since November 20.

Medibank confirmed the dump on Thursday morning.

“We are in the process of analysing the data, but the data released appears to be the data we believed the criminal stole,” it said in a statement.

“Unfortunately, we expected the criminal to continue to release files on the dark web.”

Some 9.7 million current and former customers were affected by the Medibank hack.

In October, the hackers demanded a $US1 per customer ransom, which Medibank declined to pay.

On Thursday, Medibank said its investigation into the theft was continuing but there were so far not signs that financial or banking data was affected.

“And the personal data stolen, in itself, is not sufficient to enable identify and financial fraud. The raw data we have analysed today so far is incomplete and hard to understand,” it said.

The latest dump of customer information is in six zipped files labelled “full”. Medibank said appeared that the latest release of sensitive health data had not been joined with customers’ names and contact details.

There are 6 zipped files in a folder called ‘full’ containing the raw data that we believed the criminal stole
Much of the data is incomplete and hard to understand
For example, health claims data released today has not been joined with customer name and contact details

Medibank chief executive David Koczkar said while the release of all the data might signal “case closed”, the company’s investigation was not over.

“We are remaining vigilant and are doing everything we can to ensure our customers are supported. It’s important everyone stays vigilant to any suspicious activity online or over the phone,” he said.

Government Services Minister Bill Shorten said the release was shocking.

“The people who’ve hacked Medibank are absolute criminal lowlife,” he told ABC Radio on Thursday.

“If people think that any government ID has been in any way breached or they’re aware of it, contact us.

“There’s no particular comfort that you can give people, but when it’s to do with a government services area, we will red flag anyone we see whose information has been hacked … if anyone tries to use that ID.”

Mr Shorten said Medibank customers would be feeling violated.

“We’re just going to have to muscle up and put whatever resources we need to protect people’s information from the government side,” he said.

Federal government agencies as well as Australian Federal Police have been investigating the hack.

The latest data breach coincides with law firm Maurice Blackburn launching a compensation claim against over the hack.

The firm has lodged a formal complaint with the information commissioner, which could order Medibank to pay money to affected customers.

Principal lawyer Andrew Watson said the hack had caused significant distress to customers.

“The right to privacy is a fundamental human right, and the representative complaint to the Australian information commissioner offers an avenue of redress to the millions affected by this incident,” he said.

“We cannot undo the damage that has been caused in this data breach, but we can ask the commissioner to investigate the data breach and seek compensation from Medibank on behalf of those affected.”

Federal government agencies as well as Australian Federal Police have been investigating the hack.

– with AAP

Stay informed, daily
A FREE subscription to The New Daily arrives every morning and evening.
The New Daily is a trusted source of national news and information and is provided free for all Australians. Read our editorial charter.
Copyright © 2024 The New Daily.
All rights reserved.