Tue 08 November 2022:
In what the health insurer has called a worrisome development, a ransomware gang has threatened to leak Medibank customer data as Australia’s largest health insurer faces a potential class action after the data of 9.7 million current and former customers was breached.
When an unnamed group hacked into Medibank’s system a few weeks ago, it was confirmed that almost 500,000 health claims were obtained and the personal information of both previous and present clients were exposed.
Around midnight, a ransomware group posted to its darknet blog that “data will be publish in 24 hours”.
“P.S. I recommend to sell medibank stocks.”
AUSTRALIA’S OPTUS SAYS PERSONAL DATA POSSIBLY COMPROMISED IN HACK
Australia’s Medibank said on Tuesday it was aware of the threat after announcing the previous day it would not pay a ransom for the personal information of almost 10 million current and former customers.
“We knew the publication of data online by the criminal could be a possibility, but the criminal’s threat is still a distressing development for our customers,” Medibank Chief Executive Officer David Koczkar said in a statement on Tuesday.
Koczkar urged customers to remain vigilant and warned they could be contacted by the criminal directly.
Medibank reported the cyberattack to authorities on October 19 when the company halted trading of its shares. The insurer initially said 4 million customers had been affected before this week revising the figure to 9.7 million.
On Monday, a blogger using by the name “Extortion Gang” published a message on the dark web warning that the stolen information would be made public within 24 hours and urging readers to sell Medibank stock.
Koczkar said the company had consulted with cybercrime experts before concluding that paying the ransom would not ensure the return of customers’ data and could put “more people in harm’s way by making Australia a bigger target”.
The hacker accessed the health claims of about 160,000 Medibank customers, about 300,000 claims from offshoot ahm customers, and about 20,000 international customers.
Names, dates of birth, address, phone numbers and email addresses were also accessed, raising concerns about future identity fraud.
No credit card or banking details were accessed.
Australia has recently been the target of a number of cyberattacks, including one that compromised the personal information of up to 10 million users of the second-largest telecom company in the country.
Since September, at least eight businesses have reported cybersecurity breaches, and a government assessment released last week claimed that a cybercrime occurs in the country every seven minutes.
The home affairs minister, Clare O’Neil, said Medibank’s decision not to pay a ransom to cyber criminals was in line with government advice.
SOURCE: INDEPENDENT PRESS AND NEWS AGENCIES
___________________________________________________________________________________________________________________________________
FOLLOW INDEPENDENT PRESS:
TWITTER (CLICK HERE)
https://twitter.com/IpIndependent
FACEBOOK (CLICK HERE)
https://web.facebook.com/ipindependent
Think your friends would be interested? Share this story!