Medibank hackers have declared 'case closed' after dumping more data. The health insurer isn't so sure

The Medibank hackers say they have released the final tranche of stolen customer data, but Australia's largest private health insurer expects more could be released.

People walking along a footpath. Above them is a sign that reads: "Medibank".

Some 9.7 million current and former customers were affected by the Medibank hack. Source: AAP / Jono Searle

Key Points
  • Medibank said it expected more data to be released despite the hackers declaring "case closed".
  • Federal government agencies, as well as Australian Federal Police, have been investigating the hack.
  • Some 9.7 million current and former customers were affected by the data breach.
The hackers behind the Medibank data breach have dumped the remaining customer information they stole from the health insurer on the dark web.

Medibank reported the breach on 13 October and has been releasing customer information in a staged manner on since early November.

"Happy Cyber Security Day!!! Added folder full. Case closed," the hackers posted on Wednesday night.

But unlike they did not provide active file names or links. Earlier links are also inactive. As well, the hackers' blog had been inactive since 20 November.
MEDIBANK PRIVATE STOCK
Medibank reported the breach on 13 October and the Russian ransomware group has been releasing customer information in a staged manner on the dark web since early November. Source: AAP / STEFAN POSTLES/AAPIMAGE
In a statement, a Medibank spokeswoman said the company was aware of the data release and was analysing the information.

"Unfortunately, we expected the criminal to continue to release files on the dark web," the spokeswoman said.

"There are currently no signs that financial or banking data has been taken. And the personal data stolen, in itself, is not sufficient to enable identify and financial fraud.

"The raw data we have analysed today so far is incomplete and hard to understand."
Medibank chief executive David Koczkar said investigations were continuing.

"We are remaining vigilant and are doing everything we can to ensure our customers are supported. It's important everyone stays vigilant to any suspicious activity online or over the phone," he said.

"We will continue to support all people who have been impacted by this crime through our cyber response support program. This includes mental health and wellbeing support, identity protection and financial hardship measures."

Some 9.7 million current and former customers were affected by the Medibank hack.

In October, the hackers demanded a US$1 ($1.47) per .
Bill Shorten speaking in front of an NDIS sign
Bill Shorten is the federal minister responsible for the National Disability Insurance Scheme. Source: AAP / Mick Tsikas
Government Services Minister Bill Shorten said it was shocking.

"The people are absolute criminal lowlife," he told ABC Radio on Thursday.

"If people think that any government ID has been in any way breached or they're aware of it, contact us.

"There's no particular comfort that you can give people, but when it's to do with a government services area, we will red flag anyone we see whose information has been hacked ... if anyone tries to use that ID."

The latest data breach coincides with law firm Maurice Blackburn launching a compensation claim against the health insurer over the hack.

The firm has lodged a formal complaint with the Office of the Australian Information Commissioner, which could order Medibank to pay money to customers affected.
Principal lawyer Andrew Watson said the hack had caused significant distress to customers.

"The right to privacy is a fundamental human right, and the representative complaint to the Australian Information Commissioner offers an avenue of redress to the millions affected by this incident," he said.

"We cannot undo the damage that has been caused in this data breach, but we can ask the commissioner to investigate the data breach and seek compensation from Medibank on behalf of those affected."

Mr Shorten said Medibank customers would be feeling violated.

"We're just going to have to muscle up and put whatever resources we need to protect people's information from the government side," he said.

Federal government agencies, as well as Australian Federal Police, have been investigating the hack.

Share
3 min read
Published 1 December 2022 10:40am
Source: AAP



Share this with family and friends