Prime minister Anthony Albanese has confirmed that Australian Federal Police have identified the person behind and the source of the Medibank hack.
Albanese said he has authorised the AFP commissioner to disclose where the attack came from and who is behind it.
Meanwhile, the hackers have released a third dump of sensitive data, including information on people’s mental health status and drug and alcohol use.
On a darkweb ransomware blogsite, the hackers posted the data of more than 240 people in a file titled ‘boozy’.
This follows yesterday’s data leak where the hackers revealed sensitive abortion-related information of Medibank customers.
“You telling that is disgusting (woof-woof), that we published some data. But we warned you, we always keep our word,” the hackers posted.
AFP is set to reveal the information about the Medibank ransomware attack at a press conference at 3:30 PM AEDT today.
Just called @AusFedPolice. They said the phone has not stopped ringing. Press conference re: @medibank ransomware attack at 3:30 PM AEDT. They plan on streaming it on Facebook (NASDAQ:META). Written announcement to come out after presser concludes. #auspol #infosec— Jeremy Kirk (@Jeremy_Kirk) November 11, 2022
“Should be held to account”
Albanese said: “I‘ve certainly authorised the AFP commissioner later today to disclose where these attacks are coming from.
“We know where they’re coming from, we know who is responsible and we say that they should be held to account,” he said.
What happened?
Australian insurance provider Medibank Private detected unusual activity on its networks on October 12, 2022, which is now confirmed to be a major cyber incident by the company.
The cyber attack compromised the data of all its 9.7 million current and former customers, which includes Medibank, ahm and international student customers' data.
The most serious breach was for around 500,000 customers who have had private health information stolen, including health claims and personal information.
It took nearly a fortnight for the company to confirm the severity of these attacks, which includes a brief period where the company resumed 'normal operations', brushing off the gravity of the attack.
Following ransom demands from the hacker, the company announced on Tuesday that no ransom will be paid to the perpetrator of the data theft.
Subsequently, the hackers had given Medibank an ultimatum of 24 hours to pay the ransom.
In the early hours of Wednesday, the hackers leaked their first dump of customer data, threatening to leak further data if their demands were not met.
Subsequently yesterday, the hackers leaked sensitive information containing abortion-related information of Medibank customers.
What should I do?
Medibank said that it would inform the customers of the nature of the data leak, and customers who were directly affected would be notified and provided with guidance on what to do.
The company has initiated a cyber response support program, which includes mental health and wellbeing support, identity protection and financial hardship measures.
The company adds that customers should be vigilant with all online communications and transactions including:
- being alert for any phishing scams via phone, post or email;
- verifying any communications received to ensure they are legitimate;
- not opening texts from unknown or suspicious numbers; and
- changing passwords regularly with ‘strong’ passwords, not re-using passwords and activating multi-factor authentications on any online accounts where available.
Given the nature of the stolen data that the criminal continues to release on a dark web forum, we’re in the process of contacting customers, and we urge them to reach out for support https://t.co/tomy6VuhkZ— Medibank (@medibank) November 10, 2022