Urgent warning for every Australian as MORE personal medical records are released on the dark web and the hackers deliver an ominous message
- Group believed to be behind Medibank hack released more medical records
- Sensitive customer details were uploaded to the dark web on Friday morning
- Hackers announced in a blog update that they had ‘added another Boozy.csv file’
- An estimated 9.7 million Medibank customers affected by data breaches
- Group claims they have demanded a ransom of nearly $15 million for the details
The hackers behind the Medibank data theft have sniffed at the federal government after being warned that the ‘smartest and toughest’ people in Australia are coming after them.
The ransomware group allegedly behind the hack overnight claimed they had released more sensitive details of customers’ medical records on the dark web.
“Another Boozy.csv file added…” they wrote in a blog update on Friday.
The file, which appears to be linked to mental health and alcohol problems, comes after a data dump on Thursday called “abortions.csv.”
“You say it’s disgusting (woof-woof), that we publish some data,” they wrote in the blog AAP saw on Friday.
“But we warned you. we always keep our word, if we didn’t receive a ransom we would have to post this data, because no one will believe us in the future.’
The group claimed Thursday that it had demanded a $US1 ransom for each of Medibank’s 9.7 million affected customers, for a total of $US9.7 million (nearly $15 million).
The hackers had demanded a ransom to prevent them from releasing the data, but Medibank said earlier this week it would not pay. Pictured is a stock photo of a hacker
Pictured is important advice for people affected by the Medibank and AHM data hacks
Home Secretary Clare O’Neil told parliament the government is backing Medibank customers, who had the right to keep their information private after the “morally reprehensible and criminal” attack.
“I want the bastards behind this attack to know that the smartest and toughest people in this country are after you,” she said.
The minister spoke twice on Thursday with Medibank chief executive David Koczkar to “clarify” what was expected of Australia’s largest health insurer and to ensure customers were adequately supported.
“I don’t want Australians to have to circulate 14 government departments or parts of Medibank to get what they deserve and need,” said Ms O’Neil.
“I have been assured by Medibank… that if there is a major data dump, they are fully ready to provide services as and when they are needed to Australians who need them.”
The first wave of files dropped on Wednesday included names, dates of birth, addresses, email addresses, phone numbers, health claim information, Medicare numbers for Medibank’s ahm customers and passport numbers for international student customers.
Medibank has repeatedly apologized to past and present customers, but said it would not pay the ransom
Medibank has confirmed details of nearly 500,000 health claims have been stolen, along with personal information, after the group hacked its system last month.
No access to credit card or bank details has been obtained.
Koczkar said releasing the data was outrageous and malicious and could discourage people from seeking medical help.
Australian Federal Police investigators work with international agencies, as well as state and territory police.
Opposition spokesman James Paterson said anyone approached by a person claiming to have access to their data should immediately report it to authorities.
Senator Paterson has proposed a ‘safe harbor’ provision involving the national cybersecurity agency, the Australian Signals Directorate, to give companies time in the immediate aftermath of an attack to respond to the crisis without worrying about legal issues. and privacy implications.
The hackers appeared to have revealed screenshots of private messages recently exchanged between themselves and representatives of Medibank
Hundreds of names, addresses, birthdates and Medicare records were posted under ‘good list’ and ‘naughty list’ on a group blog
The hackers posted a bizarre meme (pictured) in which they threatened to release the personal data of millions of Australia within 24 hours unless Medibank pays
Timeline for hacking data from Medibank
October 13: Medibank has taken the data and policy systems of its budget provider AHM and its international student division offline after a ‘cyber incident’
14 October: Medibank said it had restored its systems and said it was “still responding” to the incident
19 October: The company disclosed to the Australian stock exchange that hackers had contacted the company to “negotiate” more than 200 gigabytes of customer data stolen from Medibank’s systems.
26th of October: Medibank confirmed that the hackers behind the ‘devastating’ data breach managed to access all of its customers’ personal health records
October 27: It turned out that Medibank faced costs of up to $30 million after it was revealed it lacked insurance to protect itself from a cyber-attack
Nov 8: The hackers threatened to disclose the personal information of millions of Australians unless Medibank paid within 24 hours. The company refused to pay, saying: ‘You just can’t trust a criminal’
Nov 9: The ransomware group began posting customer data stolen from Australia’s largest health insurer on the dark web
November 10: The group releases a customer base called ‘abortions.csv’.
Nov 11: The hackers claim they released more sensitive details of customers’ medical records, including a file titled Boozy.csv