Russian hackers have begun leaking the private data of Medibank customers – starting with Australians who are HIV positive, are battling drug and alcohol addictions, and have mental health problems.
The cyber attack was launched last month on Australia’s largest private health insurer, threatening the sensitive personal information of its 9.7 million current and former customers.
Hackers on Tuesday demanded that Medibank pay a ransom within 24 hours or risk the disclosure of its customers’ personal information. Medibank refused to pay the ransom.
On Wednesday morning the group posted a “naughty list” file on the dark web listing more than 100 patients treated for alcohol abuse, cannabis, cocaine or opioid addiction, HIV and mental health problems.
The data on the naughty list also includes patient names, personal addresses, dates of birth, and health insurance information.
A “good list” was also published on the dark web containing the same private details of other Medibank customers.
Wednesday’s data dump contained the personal information of a total of 198 patients.
WhatsApp messages between the group and CEO David Koczkar were also released.
“HI! Since your team is quite shy, we have decided to take the first step in our negotiations,” they reportedly wrote on Oct. 18.
Screenshots released by the hackers, known as Blogxx or REvil, have shown an alleged response from Medibank.
It said, “Hello. We have received your message. We want to talk to you, but we need to make sure you’re the person who claims to have our data.
“Can you tell us all the addresses and phone numbers you’ve sent messages to?”
The hackers responded with ‘OK, we’ll see’.
According to the screenshots, Medibank later replied, “After considering all options, we’ve decided we can’t afford your query.
“It is also the policy of the Australian government that no ransom should be paid. We understand the impact this can have.”
Medibank has promised to tell customers what data it believes has been stolen and whether any of their data is included in the files on the dark web, and to give advice on what to do.
“The files appear to be an example of the data we previously identified as having been accessed by the criminal,” the company said on Wednesday.
The hackers are expected to continue to leak the private data of more Medibank customers in the coming days.
Prime Minister Anthony Albanese said government security forces are working with Medibank after the latest leak.
He is one of the customers affected by the leak.
“The company has effectively followed the guidelines, the advice not to pay a ransom,” Mr Albanese said.
Former tennis champion and Channel 9 broadcaster Todd Woodbridge is among those targeted.
The 51-year-old, who suffered a mild heart attack last month, received five calls in a row from the same number yesterday.
“They eventually left me a message and the message was that I had to pay bills from the hospital stay I had,” he told Heidi Murphy on 3AW.
“They knew the hospital I was staying at and they wanted me to call back and give me an account number, and they wanted me to pay over the phone.”
The Australian Federal Police has expanded its joint initiative with the State and Territory Police set up to investigate the September Optus data breach to also address the Medibank hack.
“Operation Guardian will actively monitor the bright, dark and deep web for the sale and distribution of Medibank Private and Optus data,” said AFP Assistant Commissioner Cyber Command Justine Gough.
“This is not just another attack on an Australian company.
“Law enforcement agencies around the world know that this is a crime type that has no borders and requires sharing of evidence and capabilities.”
Medibank again apologized to past and present customers. It advised customers to be alert to phishing scams by phone, mail or email.
Timeline of the Medibank data hack
October 13: Medibank took the data and policy systems of its budget provider AHM and its international student division offline after a ‘cyber incident’
October 14: Medibank said it had restored its systems and said it was “still responding” to the incident
October 19: The company disclosed to the Australian stock exchange that hackers had reached out to “negotiate” over 200 gigabytes of customer data stolen from Medibank’s systems
October 26: Medibank confirmed that the hackers behind the ‘devastating’ data breach managed to access all of its customers’ personal health records
October 27: It emerged that Medibank faced costs of up to $30 million after it was revealed that it lacked insurance to protect itself from a cyber-attack
November 8: The hackers threatened to disclose the personal information of millions of Australians unless Medibank paid within 24 hours. The company refused to pay, saying: ‘You just can’t trust a criminal’
November 9: The ransomware group began posting customer data stolen from Australia’s largest health insurer on the dark web