Medibank responds to hackers’ biggest data dump overnight
Medibank has released an update after hackers published another huge data dump on the dark web overnight.
Russian hackers who stole Medibank customer data have issued a vile message after making their single largest dump of private information.
“Happy Cyber Security Day!!!,” the group known as Revel reportedly wrote on the dark web overnight.
They posted on the forum where they have made numerous data dumps.
“Added folder full. Case closed.”
Medibank chief executive David Koczkar said while some media reports suggested the data dump was a sign of “case closed”, the insurance company’s “work is not over”.
While you were sleeping - or watching the Socceroos, the #Medibank Hacker dumped data, and LOTS of it. https://t.co/q9GQMYONd7
— Trevor Long (@trevorlong) November 30, 2022
“We are remaining vigilant and are doing everything we can to ensure our customers are supported. It’s important everyone stays vigilant to any suspicious activity online or over the phone,” he said.
Medibank confirmed that the data was contained in six “zipped” files inside a folder called “full”, which contained raw data.
Interestingly, the data appears “incomplete and hard to understand”.
For example, health claims data released in the data dump has not been linked to customer names and contact details.
The folder is 6.5 gigabytes – overwhelmingly larger than the previous dumps that were less than a megabyte, according to early reports from Nine News.
Mr Koczkar again “unreservedly” apologised to the company’s 3.9 million current and former customers.
“Again, I unreservedly apologise to our customers,” he said.
“We remain committed to fully and transparently communicating with customers and we will continue to contact customers whose data has been released on the dark web.”
The group claimed the data dump would be their final update.
It is believed the files contain data of thousands of Australians.
Government Services and NDIS Minister Bill Shorten called the development “shocking”.
“The people who’ve hacked Medibank are absolute criminal low-life.
“What I can say from the point of view of my responsibilities is that if people think that any government ID has in any way been breached … contact us.”
The hack, which happened in October, impacted 9.7 million current and former customers.
Hackers began dumping data after the insurer refused to pay the $15m ransom – a move the federal government supported.
Last week, the group released 1500 records related to claims for conditions such as cancer, dementia and mental health conditions.
Information relating to drug and alcohol use, as well as terminating pregnancies has also been released.
Earlier this month, it was announced Deloitte would conduct an external review of Medibank.
Join the conversation
Call for action over election deepfakes
A Greens senator has lashed Labor for not enacting “essential guard rails” on AI deepfakes ahead of this year’s federal election.
Read more
Major change to credit cards an Aussie first
An Australian bank has been the first mover Down Under to catch up with a key anti-scam development being used around the world.
Read more
Warning as scammers use fake AusPost link
A fresh warning has been released about an online scam where fraudsters use fake Australia Post links to defraud sellers on Facebook Marketplace.
Read more