Hundreds of names, addresses, birthdates and health diagnoses were allegedly posted on the dark web overnight and separated into a “good-list” and “naughty-list”.

It comes after the hackers gave the insurance company a 24-hour deadline to pay an unknown ransom.

“I am a Medibank Private customer as well and it will be of concern that some of this information has been put out there,” Mr Albanese told media.

“We are concerned, and we will continue to monitor what is occuring.

“We need to keep people's information as safe as possible. There has been a real wake-up call for corporate Australia with both this breach, and the Optus breach.”

While Mr Albanese is a Medibank customer it is understood he has not had his personal datas leaked online.

But Medibank has warned its customers more of their personal details will soon appear on the dark web.

In a sign the hacking crisis is worsening, the company on Wednesday said “the criminal” behind the hacking wasn’t finished publishing private details, including names, addresses and Medicare numbers.

In a statement, the company said it would work around the clock to inform customers of what data was stolen and if any had made its way to the dark web.

“We expect the criminal to continue to release files on the dark web,” Medibank said.

“Over the last 24 hours we wrote to our customers to alert them to the threat from the criminal that they could begin releasing stolen Medibank customer data on the dark web and that the criminal could also attempt to contact customers directly.”

Medibank CEO David Koczkar said the hack was a “criminal act designed to harm our customers and cause distress.”

“We take seriously our responsibility to safeguard our customers and we stand ready to support them,” he said.

There was only a limited chance that paying a ransom would prevent customers’ data being published, Mr Koczkar said, adding that paying could encourage the hacker to extort customers directly.

Assistant Treasurer Stephen Jones has slammed the hackers behind the theft of highly personal details.

“We shouldn‘t be giving into these fraudsters. The moment we fold, it sends a green light to scumbags like them throughout the world that Australia is a soft target,” he said.

Home Affairs Minister Clare O‘Neil backed Medibankfor not paying the ransom demanded by the hackers.

It comes as the personal information of 9.7 million current and former Medibank customers began appearing online after the company refused to pay the hacker’s ransom.

Hundreds of names, addresses, birthdates and health diagnoses were allegedly posted on the dark web overnight and separated into a “good-list” and ”naughty-list”.

While the Australian Cyber Security Centre and the Australian Federal Police aimed to prevent the release, cyber criminal “REvil” posted a link claiming it contained the first batch of stolen data.

Cyber security threat analyst Brett Callow added that Revi/Blogxx mirrored the data on a second site in an attempt to skirt efforts to take the data down.

Screenshots of the first sample of data, posted to Twitter by CyberKnow, purported to show negotiations before Medibank refused to pay, in a decision announced publicly on November 7.

“After considering all options, we have made a decision that we cannot pay your demand,” an image of the purported exchange reads. “It is also Australian government policy that ransoms should not be paid. We understand the impact this may have.”

Screenshots purporting to show the first of the first batch of data signalled the inclusion of client numbers, birth dates, sex, home address and home phone numbers.

“A quick look at some of the data and it shows names of #Australian hospitals and also #medicare numbers,” CyberKnow posted. “However a review of the larger files would be needed to confirm if it is #medibank data.”

The post, viewed 5,000 times within the first hour of release, said that the raw format of the data was not understandable and that the hackers would take time to sort through and post in small, “human readable” portions.

“We’ll continue posting data partially, need some time to do it pretty … including confluence, source codes, list of stuff and some files obtained from medi filesystem from different hosts,” the post said.

More Coverage

‘It’s the economy, stupid’: Biden’s lesson for Albo

Tom Minear

Musk weighs drastic plan to lock Twitter behind paywall

Merryn Johns, Justin Vallejo

Originally published as Medibank hacker expected to keep posting private details, as the PM reveals he’s a customer.