Russian Hackers Who Attacked Australia’s Largest Medical Insurer Release Massive 6.5 Gigabytes of Stolen Data

People walk past a Medibank store on Elizabeth Street in Melbourne, Australia, on Nov. 10, 2022. (AAP Image/Diego Fedele)
Rebecca Zhu
12/1/2022
Updated: 12/1/2022

The Russian cybercriminals who stole personal data from nearly 10 million Australians have released the single largest data dump to date, announcing it was “case closed” for the Medibank hacking saga.

Six zipped folders, with around 6.5 gigabytes of raw data, in a folder called “full” were published by the hacking group on Thursday.

A message on their dark web blog, posted with the stolen data, read, “Happy Cyber Security Day!! Added folder full. Case Closed.”

Up until Thursday, the stolen personal data had been released continuously in tiny batches.

Medibank, Australia’s largest health insurer, said they were aware of the latest data dump and expected the continued release of even more files.

David Koczkar, Medibank CEO, said that for the company, the work of handling the aftermath “is not over.”

“We are remaining vigilant and are doing everything we can to ensure our customers are supported. It’s important everyone stays vigilant to any suspicious activity online or over the phone,” he said.

“We will continue to support all people who have been impacted by this crime through our Cyber Response Support Program. This includes mental health and wellbeing support, identity protection and financial hardship measures.”

Koczkar warned that anyone who downloaded this data from the dark web and attempted to profit from it was committing a crime.

“The Australian Federal Police have said law enforcement will take swift action against anyone attempting to benefit, exploit or commit criminal offences using stolen Medibank customer data,” he said.

Medibank’s initial analysis found that the newly released data appeared to be stolen data but was “incomplete and hard to understand.”

“For example, health claims data released today has not been joined with customer name and contact details,” the company said.

Koczkar also offered another apology to customers, and advised that concerned customers would be able to receive support from its cybercrime and mental health hotlines.

The company has also extended call centre hours and upgraded call centre security with two-factor authentication.

“Again, I unreservedly apologise to our customers,” Koczkar said.

“We remain committed to fully and transparently communicating with customers, and we will continue to contact customers whose data has been released on the dark web.”

Medibank signage sits on top of the Medibank building in Docklands, Melbourne, Australia, on Oct. 1, 2014. (Scott Barbour/Getty Images)

It comes after the Australian Prudential Regulation Authority (APRA) announced it had intensified its supervision of Medibank.

APRA member Suzanne Smith said they would consider whether further regulatory action would be needed following an external review to be conducted by a third party.

“Cyber security is a highly significant risk area for all regulated entities, and we remind banks, insurers and superannuation funds to remain vigilant in order to protect their beneficiaries and the Australian community,” she said on Monday.

Who Was Affected?

The company warned customers that the hackers accessed the names, dates of birth, addresses, Medicare numbers, phone numbers and email addresses of around 9.7 million current and former customers, including around 5.1 million Medibank customers, 2.8 million ahm health insurance customers, and 1.8 million international customers.

Australian health claim data for around 160,000 Medibank customers, around 300,000 ahm customers, and around 20,000 international customers, including service provider name and location, where customers received certain medical services, and codes associated with diagnosis and procedures administered, was also breached.

However, credit card and banking details, as well as data on health claims for dental, physiotherapy, optical and psychology, were not breached, the company said.

Medibank previously notified customers that it would not give in to the cyber hacker’s ransom demands based on extensive advice from experts and the Australian government.

“We believe there is only a limited chance paying a ransom would ensure the return of our customers’ data and prevent it from being published,” Koczkar said.

“In fact, paying could have the opposite effect and encourage the criminal to directly extort our customers, and there is a strong chance that paying puts more people in harm’s way by making Australia a bigger target.”

After releasing the health data of 200 people, the hacker demanded a ransom of US$10 million ($15 million) in return for not publishing any more data.

Meanwhile, the health insurer is facing legal action from law firm Maurice Blackburn, which has lodged a representative complaint against Medibank to the Office of the Australian Information Commissioner (OAIC).

OAIC also launched an investigation into Medibank’s practices in holding and protecting personal information.

Victoria Kelly-Clark contributed to this report.