The Russian criminals behind the Medibank hack have posted the entire cache of stolen data to the dark web overnight.

The cyber group, known as REvil, posted the 6.5GB file to their blog, writing: “Happy Cyber Security Day!!! Added folder full. Case closed.”

Medibank said they had "expected" the criminals to continue to release the files, after the group started releasing information in November, beginning by releasing sensitive information about the insurer’s customers, including medical histories detailing drug addiction and mental health diagnoses.

"We are in the process of analysing the data, but the data released appears to be the data we believed the criminal stole," a statement from the health insurer read.

"While our investigation continues there are currently no signs that financial or banking data has been taken.  And the personal data stolen, in itself, is not sufficient to enable identify and financial fraud.  The raw data we have analysed today so far is incomplete and hard to understand."

Medibank CEO David Koczkar "unreservedly" apologised to customers, and said the Australian Federal Police would take action against anyone who attempted to profit from downloading the data from the dark web.

“We are remaining vigilant and are doing everything we can to ensure our customers are supported.  It’s important everyone stays vigilant to any suspicious activity online or over the phone,” he said.

“Anyone who downloads this data from the dark web, which is more complicated than searching for information in a public internet forum and attempts to profit from it is committing a crime. 

“The Australian Federal Police have said law enforcement will take swift action against anyone attempting to benefit, exploit or commit criminal offenses using stolen Medibank customer data.  We continue to work closely with the Australian Federal Police who are focused, as part of Operation Guardian, on preventing the criminal misuse of this data."

REvil had demanded a $15m ransom for the stolen data, initially asking Mediback for $14.73 per impacted customer before “discounting” the demand to $US1 per person impacted. Mediback refused to pay the ransom, claiming it could encourage the criminals to extort the company further.

The breach covers at least 9.7 million current and former customers, including 5.1 million Medibank customers, 2.8 million ahm customers and 1.8 million international customers.

Medibank have been contacted for comment.

Ellie DudleyLegal Affairs Correspondent

Ellie Dudley is The Australian's legal affairs correspondent covering courts, justice and changes to the legal profession. She edits The Australian's weekly legal newsletter, Ipso Facto, and won Young Journalist of the Year in 2024 at both the Kennedy Awards and the News Awards.

@EllieDudley_

More related stories

News

Meghan Markle’s favourite face gym is opening in Australia, Greta Thunberg publishes Andrew Tate’s contact details

All the news that's fit to mint.

Read more

News

Emily Ratajkowski joins the competitive world of online dating, Nick Kyrgios quits at the last minute

All the news that's fit to mint.

Read more