Hacker releases stolen Medibank data on the dark web

The hacker who stole 200GB worth of customer data from Australian health insurance provider Medibank has released files containing some of the data on the dark web.

The data leak comes after Medibank publicly refused to pay the hacker a ransom on November 7. This prompted the malicious actor to post a threat on November 8 on a dark web site backed by Russian ransomware group REvil, stating that they would release the data in 24 hours.

The data released so far includes names, addresses, dates of birth, phone numbers, email addresses, Medicare numbers, passport numbers and some health claims data. Medicare has said it expects the malicious actor to continue to release customer data and has warned its customers to “stay vigilant” in the face of potential phishing attacks and extortion attempts.

The company said it will “work around the clock to inform customers of what data [it] believe[s] has been stolen and any of their data included in the files on the dark web”, as well as providing advice for those who have had their data leaked.

Medibank CEO David Koczkar said the company “unreservedly apologize[s]” to its customers and called the cyber attack and leak a “criminal act designed to harm our customers and cause distress”.

Medibank continues to work with the Australian Government, including the Australian Cyber Security Centre and the Australian Federal Police (AFP), which is investigating the cyber crime.

The AFP is working with those in the public and private sector to identify anyone who buys or sells personally identifying information and has said it will “relentlessly pursue” the hackers. Through Operation Pallidus, an operation focused on the data breach, the AFP has joined forces with Commonwealth agencies and Five Eyes Law Enforcement partners, which among others includes the FBI.

Additionally, the organization has extended the use of Operation Guardian, which was set up to help more than 10,000 people who had their personal details released as part of the Optus data breach, to Medibank customers affected by the cyber attack and data leak.  
