Medibank responds to hackers’ biggest data dump overnight
Medibank has released an update after hackers published another huge data dump on the dark web overnight.
Russian hackers who stole Medibank customer data have issued a vile message after making their single largest dump of private information.
“Happy Cyber Security Day!!!,” the group known as Revel reportedly wrote on the dark web overnight.
They posted on the forum where they have made numerous data dumps.
“Added folder full. Case closed.”
Medibank chief executive David Koczkar said while some media reports suggested the data dump was a sign of “case closed”, the insurance company’s “work is not over”.
While you were sleeping - or watching the Socceroos, the #Medibank Hacker dumped data, and LOTS of it. https://t.co/q9GQMYONd7
— Trevor Long (@trevorlong) November 30, 2022
“We are remaining vigilant and are doing everything we can to ensure our customers are supported. It’s important everyone stays vigilant to any suspicious activity online or over the phone,” he said.
Medibank confirmed that the data was contained in six “zipped” files inside a folder called “full”, which contained raw data.
Interestingly, the data appears “incomplete and hard to understand”.
For example, health claims data released in the data dump has not been linked to customer names and contact details.
The folder is 6.5 gigabytes – overwhelmingly larger than the previous dumps that were less than a megabyte, according to early reports from Nine News.
Mr Koczkar again “unreservedly” apologised to the company’s 3.9 million current and former customers.
“Again, I unreservedly apologise to our customers,” he said.
“We remain committed to fully and transparently communicating with customers and we will continue to contact customers whose data has been released on the dark web.”
The group claimed the data dump would be their final update.
It is believed the files contain data of thousands of Australians.
Government Services and NDIS Minister Bill Shorten called the development “shocking”.
“The people who’ve hacked Medibank are absolute criminal low-life.
“What I can say from the point of view of my responsibilities is that if people think that any government ID has in any way been breached … contact us.”
The hack, which happened in October, impacted 9.7 million current and former customers.
Hackers began dumping data after the insurer refused to pay the $15m ransom – a move the federal government supported.
Last week, the group released 1500 records related to claims for conditions such as cancer, dementia and mental health conditions.
Information relating to drug and alcohol use, as well as terminating pregnancies has also been released.
Earlier this month, it was announced Deloitte would conduct an external review of Medibank.
Join the conversation
Staggering cost of cyber attacks revealed
The eye-watering cost of cyber attacks on small businesses across the country has been revealed, with one business owner revealing he was forced to start again.
Read more
Australia’s most scammed areas revealed
The areas of Australia most targeted by scammers have been revealed, and two factors in particular are at play.
Read more
X-rated renaming of Bob Hawke school
A cheeky hacker has combined a school named after former prime minister Bob Hawke and a viral catchphrase with X-rated results.
Read more