Medibank hackers have pressed harder with their malicious extortion scheme, this time purportedly leaking abortion-related data, and demanding US$9.7 million as ransom.
According to the Guardian, the data in the leaked ‘abortions file’ is understood to contain information regarding the termination of pregnancy, including non-viable pregnancy, ectopic pregnancy, molar pregnancy, miscarriages and readmission for complications
The hackers leaked the file early this morning on their Darkweb blog, stating that they are offering a discount on their initial 10 million ransom to Medibank.
“We can make discount 9.7 million 1$=1 customer,” they said.
“Medibanks [sic] CEO stated, that ransom amount is ‘irrelevant’.
“We want to inform the customers that he refuses to pay for yours [sic] data more, like 1 USD per person.
“So, probably customers data and extra efforts don’t cost that,” said the hacker.
Medibank urged the media and others to not download sensitive personal data from the dark web and to refrain from contacting its customers directly.
The #Medibank hackers claim the ransom was initially $10 million USD, but offer to reduce it to $9.7 million or $1/customer. They also claim to have released a file named "abortions.csv." Pure evil. 1/2 pic.twitter.com/yDNFVSPGxH— Brett Callow (@BrettCallow) November 9, 2022
Weaponisation of private information
Medibank CEO David Koczkar said: “The release of this stolen data on the dark web is disgraceful.
“We take the responsibility to secure our customer data seriously and we again unreservedly apologise to our customers.
“We remain committed to fully and transparently communicating with customers and we will be contacting customers whose data has been released on the dark web.
“The weaponisation of people’s private information in an effort to extort payment is malicious, and it is an attack on the most vulnerable members of our community.
“These are real people behind this data and the misuse of their data is deplorable and may discourage them from seeking medical care,”
The criminal has released an additional file on a dark web forum containing customer data that is believed to have been stolen from our systems. These are real people behind this data and the misuse of their data is disgraceful and may discourage them from seeking medical care— Medibank (@medibank) November 9, 2022
What happened?
Australian insurance provider Medibank Private detected unusual activity on its networks on October 12, 2022, which is now confirmed to be a major cyber incident by the company.
The cyberattack compromised the data of all its 9.7 million current and former customers, which includes Medibank, ahm and international student customers' data.
The most serious breach was for around 500,000 customers who have had private health information stolen, including health claims and personal information.
It took nearly a fortnight for the company to confirm the severity of these attacks, which includes a brief period where the company resumed “normal operations”, brushing off the gravity of the attack.
Following ransom demands from the hacker, the company announced on Tuesday that no ransom will be paid to the perpetrator of the data theft.
Subsequently, the hackers had given Medibank an ultimatum of 24 hours to pay the ransom.
In the early hours of yesterday, the hackers leaked their first dump of customer data, threatening to leak further data if their demands are not met.
What should I do?
Medibank said that it would inform the customers of the nature of the data leak, and customers who were directly affected would be notified and provided with guidance on what to do.
The company has initiated a cyber response support program, which includes mental health and well-being support, identity protection and financial hardship measures.
The company adds that customers should be vigilant with all online communications and transactions including:
- Being alert for any phishing scams via phone, post or email.
- Verifying any communications received to ensure they are legitimate.
- Not opening texts from unknown or suspicious numbers.
- Changing passwords regularly with ‘strong’ passwords, not re-using passwords and activating multi-factor authentications on any online accounts where available.
- Medibank will never contact customers asking for passwords or sensitive information.
We will continue supporting all people who have been impacted by this crime through our Cyber Response Support Program. This includes mental health and wellbeing support, identity protection and financial hardship measureshttps://t.co/LhnCVj9QNj— Medibank (@medibank) November 9, 2022