The Medibank Hackers Have Declared ‘Case Closed’ With Their Latest Data Dump On The Dark Web

medibank data breach case closed

The Medibank hackers have dumped what looks to be the rest of stolen data on the dark web.

Per The Guardian, a new blog post from the cyber criminals contained a folder of compressed data amounting to over 5GB with the message “Happy Cyber Security Day!!! Added folder full. Case closed.”

Medibank was previously told the hackers had taken around 200GB worth of personal customer information that was compressed into a 5GB file. The Guardian suspects this latest dump of data is the remainder of the data seized by the hackers in October.

The insurer released a statement on Thursday detailing what was released in the latest data dump. Early analysis of the release found there were six zipped files in a folder called “full” which held all the allegedly stolen data. A lot of the data is “incomplete and hard to understand” and includes things like health claims without a connected customer name or contact details.

The hackers claiming to be behind the Medibank Private breach of nearly 10 million people’s personal data previously posted a file labelled “abortion” to the dark web.

Medibank confirmed it believed the file was taken from its systems. It appeared to disclose the procedures of 303 customers who terminated non-viable pregnancies.

The specific disclosure of abortion looks to be a misogynistic attack targeted at women and people with uteruses in general and is obviously fucked beyond belief. Not only are people scared of being scammed, but they also have to worry about the stigma around their reproductive health, too.

It came after hackers released two other documents titled the “naughty” and “nice” lists, which included information on a bunch of sensitive medical procedures.

The insurer said it will contact customers whose details have been published. It also warned customers to be weary and not to share their password or sensitive information with anyone pretending to be the company, because it would never ask for that info.

Banking details have not been accessed.

Minister for Home Affairs Clare O’Neil promised police will track down the “scumbags” responsible for the hack in a speech on November 10.

“I want the scumbags behind this attack to know that the smartest and toughest people in this country are coming up to you,” she said, referring to the Australian Federal Police and Australian Signals Directorate.

“I want to say, particularly to the women whose private health information has been compromised overnight, as the minister for cybersecurity but more importantly, as a woman, this should not have happened, and I know this is a really difficult time.”

The AFP also warned people not to go seeking out any leaked data from the breach themselves, which would be in breach of privacy laws. So don’t be a creep and try to suss people’s abortion info, thanks.

Medibank Private admitted that the hackers stole information on the dark web in October after the insurer refused to pay any ransoms.

In an official statement, the insurer detailed that names, phone numbers, personal addresses, emails, medicare numbers and some passport numbers (of international students) were released into the corners of the internet.

Australian Federal Police’s (AFP) Cyber Command Assistant Commissioner Justine Gough confirmed that the AFP would be stepping up its efforts to ensure that Medibank customers who have had their personal data leaked were protected.

“To the customers impacted by this latest breach, please do not be embarrassed to contact police through ReportCyber if a person contacts you online, by phone or by SMS threatening to release your data unless payment is made,” she said in a statement.

“Blackmail is an offence and those who misuse stolen personal information for financial gain face a penalty of up to 10 years imprisonment.”

Gough also confirmed that the AFP was scouring the dark web to find anyone selling personal information.

In case you missed it, earlier this week Medibank Private declared it would not pay any ransom demanded by hackers and will stick to this decision, even though it ultimately led to the release of said data.

Company CEO David Koczkar said in a statement that there’s only a “limited chance” the return of data would have even happened if Medibank paid the hackers.

“Based on the extensive advice we have received from cybercrime experts we believe there is only a limited chance paying a ransom would ensure the return of our customers’ data and prevent it from being published,” he said.

“In fact, paying could have the opposite effect and encourage the criminal to directly extort our customers, and there is a strong chance that paying puts more people in harm’s way by making Australia a bigger target.”

The update from the health insurance provider confirmed that a whopping 9.7 million current and former customers and authorised representatives have had personal information accessed in the cyber attack.

This figure was made up of approximately 5.1 million Medibank customers, 2.8 million AHM customers and 1.8 million international customers.

The update also detailed how many customers had their health claims data breached. Those affected include around 160,000 Medibank customers, around 300,000 AHM customers and around 20,000 international student customers. Around 5200 My Home Hospital (MHH) patients and 2900 next of kin have also had contact details breached.

The health insurer said no credit card or banking details were accessed in the attack that they are aware of.

“We take seriously our responsibility to safeguard our customers,” David Koczkar said.

“The weaponisation of their private information in an effort to extort payment is malicious, and it is an attack on the most vulnerable members of our community.”

Koczkar also confirmed Medibank is going to commission an external review to make sure the company “learns from this event” and continues to strengthen its abilities to protect its customer base.

More Stuff From PEDESTRIAN.TV