Cyber Security Data Management News

Medibank hackers dumps remaining data on dark web

Eliza Sayon Dec 1, 2022

2 min read

Medibank hackers have dumped the remaining customer information they stole from the health insurer on the dark web during the data breach last month.

“Happy Cyber Security Day!!! Added folder full. Case closed,” the hackers posted on Wednesday night.

But unlike previous data dumps, there were no active file names or links in the latest data dump. Earlier links as well as the hackers’ blog have also been made inactive.

A Medibank spokeswoman said the company was aware of the data release and was analysing the information.

“There are currently no signs that financial or banking data has been taken. And the personal data stolen, in itself, is not sufficient to enable identify and financial fraud,” the spokeswoman said.

“The raw data we have analysed today so far is incomplete and hard to understand.”

Medibank chief executive David Koczkar said investigations on the cyber security incident were continuing.

“We are remaining vigilant and are doing everything we can to ensure our customers are supported. It’s important everyone stays vigilant to any suspicious activity online or over the phone,” he said.

“We will continue to support all people who have been impacted by this crime through our cyber response support program. This includes mental health and wellbeing support, identity protection and financial hardship measures.”

In October, over 9.7 million current and former customers were affected by the Medibank data breach. Hackers then demanded a $US1 per customer ransom, which Medibank declined to pay.

“If people think that any government ID has been in any way breached or they’re aware of it, contact us,” Minister for Government Services Bill Shorten said.

“There’s no particular comfort that you can give people, but when it’s to do with a government services area, we will red flag anyone we see whose information has been hacked … if anyone tries to use that ID.”

The latest data breach coincides with law firm Maurice Blackburn launching a compensation claim against the health insurance over the hack.

The firm has lodged a formal complaint with the Office of the Australian Information Commissioner, which could order Medibank to pay money to customers affected.

Principal lawyer Andrew Watson said the hack had caused significant distress to customers.

“The right to privacy is a fundamental human right, and the representative complaint to the Australian Information Commissioner offers an avenue of redress to the millions affected by this incident,” he said.

“We cannot undo the damage that has been caused in this data breach, but we can ask the commissioner to investigate the data breach and seek compensation from Medibank on behalf of those affected.”

Federal government agencies as well as Australian Federal Police have been investigating the hack.

With AAP

Eliza Sayon

Website | + posts

Eliza is a content producer and editor at Public Spectrum. She is an experienced writer on topics related to the government and to the public, as well as stories that uplift and improve the community.