Medibank data breach: Hackers upload more customer data, say ‘case closed’ on World Cyber Security Day
Medibank, Australia’s largest health insurer, said on Thursday that hackers had released more of its stolen medical records, with media reporting that the full trove of data on millions of customers is now public.
Medibank said in a statement that the Office of the Australian Information Commission (OAIC), the country’s privacy regulator, has also begun investigating how the company handles personal information.
The latest release on the dark web follows gradual uploads, including records of clients’ mental health and alcohol use, which then began Medibank She said on November 7 that she would not pay a ransom.
“The raw data we have analyzed today so far is incomplete and difficult to understand,” said CEO David Kojkar. “While there are media reports that this is a signal to ‘close the case,’ our work is far from finished.”
On Thursday, media reported that a blog that cyber experts believe hackers are using, carried a new post: “Happy Cybersecurity Day!!! Folder full added. Case closed.” It also included a file containing several compressed files of more than 5 GB.
Reuters has not verified the contents of the latest files uploaded to the dark web, a part of the World Wide Web that can only be accessed with special software.
Medibank did not immediately respond to a Reuters question as to whether it believed all the stolen data had now been released.
Last month, the Australian Federal Police said Russia-based hackers were behind Medibank Internet attack, which compromised the details of nearly 10 million current and former customers. Medicare disclosed the breach on Oct. 13.
In an update Thursday morning, Medibank said there are currently no indications of bank data being stolen. It added that the personal details accessed by the hackers were not sufficient to enable the financial fraud.
Medibank said in a statement that six zip files were placed in a file called “Complete” and contained raw data believed to be stolen that had been uploaded.
Australia is grappling with the recent rise in cyberattacks. At least eight companies, including telco Optus, which is owned by Singapore Telecom, have reported breaches since September.
The OAIC, which is also investigating Optus for the breach, did not immediately respond to a Reuters request for comment on the Medibank investigation.
Technology experts said Australia has become quite a target for hackers as skills shortages leave an understaffed and overworked cybersecurity workforce ill-equipped to stop attacks.
© Thomson Reuters 2022