A ransomware group has begun publishing customer data from Medibank, Australia’s largest health insurer, on the dark web, just days after Medibank announced it would not pay a ransom.
The uncovered data, which was limited to a few hundred megabytes, was published overnight in a blog linked to the Russian ransomware group REvil after threats were made to release data, and some names, addresses, phone numbers, email addresses, passport numbers and health data stolen from Medibank’s systems have already been posted on a dark web forum, according to the company.
“We expect the criminal to continue to release files on the dark web,” it said, and Medibank remains confident it will not pay a ransom, citing the government’s advice as the basis for its decision.
Medibank had previously disclosed that the data of around 9.7 million current and former customers had been compromised, including 5.1 million Medibank customers, 2.8 million ahm customers and 1.8 million international customers. In addition, the threat actors gained access to health information from around 160,000 Medibank customers, 300,000 ahm customers and 20,000 international customers. Service provider names and codes associated with diagnosis and procedures are among the exposed data.
The leaked data is said to be a “good list” and a “naughty list,” and the hacker claims the data is now being stored in a “not very understandable format” of table dumps, and that they will continue to publish data in parts.
Meanwhile, Prime Minister Anthony Albanese said his government was working with experts on the cyber hack following a series of data breaches that have rocked corporate Australia.
The sources for this piece include an article in Reuters.