Medibank confirms: Stolen data is posted online
The announcement follows earlier media reports that a ransomware group had started releasing client data after a midnight deadline passed for Australia’s largest health insurer to pay a ransom.
Medibank said the data includes names, addresses, dates of birth, phone numbers, email addresses, Medicare numbers for ahm customers, some international students’ passport numbers and some health claims data.
The gang that leaked the stolen data is believed to be a rebrand of the defunct, Russian-speaking REvil group, according to a TechCrunch report.
TechCrunch reported seeing a new dark web leak site listing Medibank as one of the gang’s victims. The gang did not, however, reveal how much data it exfiltrated from Medibank’s network, and did not share evidence of its claims.
Medibank first announced the cyberattack on October 12. The health insurer later revealed that criminals accessed personal information from more than nine million current and former customers and some of their authorised representatives.
On November 7, the health insurer said it would not pay a ransom. Medibank also issued a warning to customers, stating “criminals could also attempt to contact [them] directly”.
The insurer said it is working with the Australian government, including the Australian Cyber Security Centre and the Australian Federal Police, to investigate the cybercrime.