Medibank Hackers Begin Releasing Customer Data After Ransom Deadline Passed

Medibank Hackers Begin Releasing Customer Data After Ransom Deadline Passed
Medibank signage sits on top of the Medibank building in Docklands, Melbourne of Australia on Oct. 1, 2014. Scott Barbour/Getty Images
Rebecca Zhu
Updated:

The hacking syndicate behind the Medibank cyberattack has followed through on its threat to release the personal details of nearly 10 million Medibank customers after the company refused to pay the ransom.

Personal data, including names, addresses, dates of birth, phone numbers, email addresses, Medicare numbers for ahm health insurance customers, some passport numbers for international students, and some health claim data has been put onto the dark web. But credit card or banking details were not breached, Medibank said.

The hacker group started releasing the files from midnight on Nov. 9 after the deadline for paying the ransom passed.

Medibank said they appeared to be a “sample of the data that we earlier determined was accessed by the criminals” and expected the hackers to continue releasing files onto the dark web.

The criminals allegedly announced that, in hindsight, the data was stored in a format that was “not very understandable.”

“We’ll continue posting data partially, need some time to do it pretty,” they said.

The Australian government, including the Australian Cyber Security Centre and the federal police, are working with Medibank.

“We unreservedly apologise to our customers,” Medibank CEO David Koczkar said. “This is a criminal act designed to harm our customers and cause distress.”
The Australian Cyber Security Centre (ACSC) logo at the Brindabella Business Park in Canberra, Australia on Aug. 16, 2018. (AAP Image/Mick Tsikas)
The Australian Cyber Security Centre (ACSC) logo at the Brindabella Business Park in Canberra, Australia on Aug. 16, 2018. AAP Image/Mick Tsikas

All Advice Points to Not Paying Ransom

Medibank told customers on Monday that they had decided against paying the ransom because it could encourage the criminal to carry out further crimes.
“Based on the extensive advice we have received from cybercrime experts, we believe there is only a limited chance paying a ransom would ensure the return of our customers’ data and prevent it from being published,” Koczkar said.

“In fact, paying could have the opposite effect and encourage the criminal to directly extort our customers, and there is a strong chance that paying puts more people in harm’s way by making Australia a bigger target.”

Assistant Treasurer Stephen Jones backed the decision and condemned the hackers.

“They’re scumbags, they’re crooks, they’re criminals and we shouldn’t be paying ransom,” he told Sky News Australia.

“We shouldn’t be giving in to these fraudsters. The moment we fold, it sends a green light to scumbags like them throughout the world that Australia is a soft target. We cannot give in, and we won’t give in.”

Cyber Security Minister Clare O’Neil also backed the decision and said Medibank’s actions were consistent with government advice.

“Cyber criminals cheat, lie and steal. Paying them only fuels the ransomware business model,” she said on Twitter. “They commit to undertaking actions in return for payment, but so often re-victimise companies and individuals.”

The company confirmed that the cyberattack had affected 9.7 million current and former customers, including around 5.1 million Medibank customers, 2.8 million ahm health insurance customers, and 1.8 million international customers.

The Australian government has activated the country’s emergency mechanism, the National Coordination Mechanism, to help deal with the hack.

Originally designed to deal with the pandemic, the mechanism allows the government to bring together agencies across the Australian government, states and territories, and the private sector to help coordinate responses to crises.

Victoria Kelly-Clark contributed to this report.
Related Topics