Medibank hackers issue cryptic ‘Wednesday’ ultimatum to Australia: This is what Russian criminals know about you
- Russian hackers post cryptic message on their blog with ultimatum
- Criminals publish more data and warn that more will appear online on Friday
- “Hope something meaningful (happens) on Wednesday,” the hackers said
- Medibank has a shareholders’ meeting to be held on Wednesday
Hackers behind the Medibank cyber attack have released more sensitive customer data related to mental health treatment.
The file was posted on the dark web on Monday, where the hackers previously published data from Australia’s largest private health insurer.
It contains 500 records for people who have had diagnoses of mental illness, among other medical conditions.
Home Secretary Clare O’Neil has issued urgent instructions to Medibank customers on how to protect themselves – after Russian hackers released the data of millions on the dark web
The Russian criminals said they would not post more information until Friday and said they will closely monitor Wednesday’s Medibank shareholder meeting.
“There are even more records for everyone to know,” they wrote in an update.
“We will be announcing that the next piece of data that we will publish on Friday will completely bypass this week in hopes that something meaningful happened on Wednesday.”
Medibank CEO David Koczkar apologized for releasing the sensitive information.
“We will continue to support all people affected by this crime through our Cyber Response Support Program,” he said.
Law firm Maurice Blackburn is looking at whether compensation should be sought for Medibank customers
“This includes support for mental health and wellness, identity protection and measures against financial hardship.”
A number of health and community organizations have called on major social media outlets to remove posts sharing the sensitive information.
Meanwhile, Medibank can take legal action because of the data breach.
Law firm Maurice Blackburn confirmed it is investigating whether customers affected by the hack are entitled to compensation.
The company’s lead attorney, Andrew Watson, said the data breach was one of the most serious seen in Australia.
In response to the breach, Home Secretary Clare O’Neil listed the actions Medibank Private and AHM customers should take
“Companies that retain sensitive health information of their customers have an important obligation to ensure that information is protected, commensurate with the sensitivity of that data,” he said.
“Medibank has a greater responsibility to provide more safeguards to secure the personal and health claim information it has collected from its customers.”
Data, including names, phone numbers, Medicare numbers and sensitive health information, was captured by the hackers during the breach.
The hackers appeared to have revealed screenshots of private messages recently exchanged between themselves and representatives of Medibank
As the government looks for solutions to improve cybersecurity laws, Home Secretary Clare O’Neil has indicated that it may soon be illegal for companies to demand ransoms from hackers if they are victims of a data breach.
“The way we think about the reform task…is a series of quick wins, things we can do quickly, and championing the new police operation is one of them,” Ms. O’Neil told the ABCs. Insiders on Sunday.
Federal police confirmed last week that Russian hackers were behind the attack.
A 100-officer permanent cybercrime operation targeting hackers will be led by the AFP and the Australian Signals Directorate.
“We’re going to find these people offensive, hunt them down and weaken them before they can attack our country,” Ms O’Neil said.