Medibank Private Ltd (ASX:MPL) hackers have threatened to publish stolen data of nearly 9.7 million people, following the company taking a stand not to make any ransom payments to the criminals responsible for the data theft.
The hackers had given an ultimatum of 24 hours yesterday on its ransomware blogsite quoting:
“A man who has committed a mistake and doesn’t correct it is committing another mistake”- Confucius
The hacker added: “Data will be publish in 24 hours.
“PS I recommend to sell Medibank stocks”
Medibank said that it was aware of the media reports of the purported threat from the criminals and had advised customers of the risks of the criminals contacting them directly.
Australia's #Medibank has been listed on the site that used to be operated by REvil. The relationship between the current operators of the site and REvil remains unclear. pic.twitter.com/rP1ZxDsBh2— Brett Callow (@BrettCallow) November 7, 2022
“Paying could have the opposite effect”
Medibank chief executive David Koczkar said on Monday there is "only a limited chance" that paying the ransom would result in the hacker giving the stolen customer data back or preventing it from being published.
"In fact, paying could have the opposite effect and encourage the criminal to directly extort our customers and there is a strong chance that paying puts more people in harm's way by making Australia a bigger target," he said in a statement.
"It is for these reasons we have decided we will not pay a ransom for this event."
What is at stake?
Based on Medibank’s investigation to date, the company believes that the cybercriminal has accessed:
- Name, date of birth, address, phone number and email address for around 9.7 million current and former customers and some of their authorised representatives. This figure represents around 5.1 million Medibank customers, around 2.8 million ahm customers and around 1.8 million international customers
- Medicare numbers (but not expiry dates) for ahm customers.
- Passport numbers (but not expiry dates) and visa details for international student customers.
- Health claims data for around 160,000 Medibank customers, around 300,000 ahm customers and around 20,000 international customers. This includes the service provider name and location, where customers received certain medical services, and codes associated with diagnosis and procedures administered. Additionally, around 5,200 My Home Hospital (MHH) patients have had some personal and health claims data accessed and around 2,900 next of kin of these patients have had some contact details accessed.
- Health provider details, including names, provider numbers and addresses.
Australian insurance provider Medibank Private detected unusual activity on its networks on October 12, 2022, which is now confirmed to be a major cyber incident by the company.
The cyberattack compromised the data of all its 9.7 million current and former customers, which includes Medibank, ahm and international student customers' data.
It took nearly a fortnight for the company to confirm the severity of these attacks, which includes a brief period where the company resumed “normal operations”, brushing off the gravity of the attack.
Following ransom demands from the hacker, the company announced yesterday that no ransom will be paid to the perpetrator of the data theft.
Medibank cybercrime update: today we’ve announced we will not pay the ransom to the criminal responsible for the data theft. A decision based on extensive advice we’ve received from cyber experts & consistent with the position of the Australian governmenthttps://t.co/FUYAN49uWo— Medibank (@medibank) November 6, 2022