Exclusive

Russian embassy claims Australian Federal Police yet to get in touch over Medibank hackers

The AFP said last month that they would talk with Russian authorities about the cybercriminals behind the Medibank hack. Russia's Australian embassy claims they're yet to get in touch.

Medibank signage on a building

Some 9.7 million current and former were affected by the Medibank hack. Source: Getty / Scott Barbour

Key Points
  • Russia's Australian embassy says federal police have not contacted law enforcement agencies about the Medibank hack.
  • The AFP's commissioner said last month the agency would hold talks with Russian authorities about the hackers.
  • He has said cybercriminals from Russia were responsible for the data breach that affected 9.7 million customers.
Russia has denied any contact from Australian authorities over the Medibank hack, three weeks after federal police singled out Russian cyberhackers.

Australian Federal Police (AFP) commissioner Reece Kershaw said on 11 November a group of "loosely affiliated cybercriminals” from Russia which affected 9.7 million current and former Medibank customers, and that talks would be held with Russian law enforcement agencies about the bad actors.

"What I will say is that we will be holding talks with Russian law enforcement about these individuals," he said.

"The AFP is responsible for the Australian Interpol national central bureau, which has direct contact with [the] national central bureau Moscow."

At the time, the Russian embassy in Australia said it was disappointed that the AFP had identified Russia-based criminals as the culprits without contacting Russian officials before the public announcement.

On Thursday, Russia's embassy told SBS News that it was still not aware of any contact from Australian authorities.

“As far as this Embassy knows the Australian side has not engaged with the Russian side on the Medibank hack investigation so far,” it said.
A man wearing an Australian Federal Police uniform who is speaking.
Australian Federal Police commissioner Reece Kershaw said in November a group of "loosely affiliated cybercriminals” from Russia were responsible for the Medibank hack. Source: AAP / Lukas Coch
The embassy said the AFP was aware of which Russian counterparts to contact “if [they] had suspicions they say they had, and wanted to stop the criminals”.

Already tense bilateral relations deteriorated significantly after in February, casting doubt on cooperation from Moscow over the hack.

Home Affairs Minister Clare O’Neil and the Australian Federal Police declined to comment on the claim by Russia's embassy this week.

Mr Kershaw in November did not name those responsible for the hack, although some believe it is linked to REvil — a Russian-based ransomware crime group.

Russian authorities announced in January that REvil had been dismantled and several of its members were charged for their crimes, but experts have said that does not mean .

Ms O'Neil said last month that 100 officers from the AFP and the Australian Signals Directorate would be to deal specifically with the criminals behind the Medibank and hacks.
Medibank hackers declared this week that . However, Australia's largest private health insurer believes more files could be released.

"We are remaining vigilant and are doing everything we can to ensure our customers are supported. It's important everyone stays vigilant to any suspicious activity online or over the phone," Medibank CEO David Koczkar said on Thursday.

That same day, the Office of the Australian Information Commissioner said it had launched an investigation into Medibank's data-handling practices.

The investigation will look at whether the company did enough to protect personal information, and if it took reasonable steps to comply with Australian privacy guidelines.

The commissioner can seek civil penalties through the Federal Court of up to $2.2 million for each privacy contravention.
Hackers began dumping stolen data on the dark web in November — a decision that was backed by the federal government.

Some 5.1 million Medibank customers, 2.8 million customers of its budget subsidiary, ahm, and 1.8 million international customers were affected by the data breach, which was reported in October.

Almost 500,000 health claims have been stolen, along with personal information.

Law firm Maurice Blackburn has launched a formal complaint with the information commissioner in a bid to secure compensation for affected customers.

SBS News has contacted Attorney-General Mark Dreyfus for comment.

With AAP.

Share
4 min read
Published 2 December 2022 3:23pm
Updated 2 December 2022 3:45pm
By David Aidone, Finn McHugh
Source: SBS News


Share this with family and friends