Medibank hackers have leaked a partial dump of the stolen data on its ransomware forum after giving the company a 24-hour ultimatum yesterday to meet their ransom demands.
The company says that the leaked data is a sample set that includes personal data such as names, addresses, dates of birth, phone numbers, email addresses, Medicare numbers for ahm customers, in some cases passport numbers of international students and some health claims data.
In the forum post, the hackers have threatened to keep posting partial dumps and other files obtained from the Medibank servers till their ransom demands are met.
The hackers have also revealed the screenshots of private messages recently exchanged between themselves and Medibank representatives.
As threatened, the hackers responsible for the Medibank ransom have begun dumping data. This is about as bad as we feared it would get. pic.twitter.com/ZAE37rLXQs— Troy Hunt (@troyhunt) November 8, 2022
Praised for not giving into ransom demands
Praising Medibank for not giving in to ransom demands, Australian Prime Minister Anthony Albanese said: “This is really tough for people. I am a Medibank Private customer as well and it will be of concern that some of this information has been put out there.
“Can I say this, though? The company has followed the guidelines effectively.
“The advice is to not engage in a ransom payment.
“If you go down this road, then you end up with more difficulties potentially across a wider range.”
“But we will, through [Home Affairs Minister] Clare O’Neil, be responding extensively about this.
“We are concerned and we will continue to monitor what is occurring.”
If you’re a Medibank or AHM customer, it’s important to be extra vigilant. Here’s what to do if you’re affected ???????????? pic.twitter.com/TBy5kNnEUc— Clare O'Neil MP (@ClareONeilMP) November 9, 2022
What happened?
Australian insurance provider Medibank Private detected unusual activity on its networks on October 12, 2022, which is now confirmed to be a major cyber incident by the company.
The cyberattack compromised the data of all its 9.7 million current and former customers, which includes Medibank, ahm and international student customers' data.
The most serious breach was for around 500,000 customers who have had private health information stolen, including health claims and personal information.
It took nearly a fortnight for the company to confirm the severity of these attacks, which includes a brief period where the company resumed “normal operations”, brushing off the gravity of the attack.
Following ransom demands from the hacker, the company announced yesterday that no ransom will be paid to the perpetrator of the data theft.
Subsequently, the hackers had given Medibank an ultimatum of 24 hours to pay the ransom-which has led to this.
https://t.co/7YXdqZH8Sz— Medibank (@medibank) November 9, 2022
What should I do?
Medibank said that it would inform the customers of the nature of the data leak, and customers who were directly affected would be notified and provided with guidance on what to do.
The company adds that customers should be vigilant with all online communications and transactions including:
- Being alert for any phishing scams via phone, post or email.
- Verifying any communications received to ensure they are legitimate.
- Not opening texts from unknown or suspicious numbers.
- Changing passwords regularly with ‘strong’ passwords, not re-using passwords and activating multi-factor authentications on any online accounts where available.
- Medibank will never contact customers asking for passwords or sensitive information.
This is a criminal investigation by the Australian Federal Police.
I know many are anxious about what has happened at Medibank. Here's the latest update on the Medibank cyber incident and how the Albanese Government is working to protect Australians. #qt pic.twitter.com/8ZHUMRJZUX— Clare O'Neil MP (@ClareONeilMP) November 9, 2022