Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

Medibank Hackers Upload More Customer Data, Say ‘Case Closed’

Share

Medibank, Australia’s biggest health insurer, said on Thursday hackers had released more of its stolen medical records, as the media reported that the complete set of data on millions of customers was now public.

The Office of the Australian Information Commission (OAIC), the country’s privacy regulator, has also begun investigating how the company handles personal information, Medibank said in a statement.

The latest release on the dark web follows progressive uploads, including records of customers’ mental health and alcohol use, that began after Medibank said on November 7 it would not pay a ransom.

“The raw data we have analysed today so far is incomplete and hard to understand,” chief executive David Koczkar said. “While there are media reports of this being a signal of ‘case closed’, our work is not over.”

On Thursday, the media reported that a blog, believed by cyber experts to be used by the hackers, carried a new post: “Happy Cyber Security Day!!! Added folder full. Case closed.” It also included a file that had several compressed files amounting to more than 5 gigabytes.

Reuters has not verified the contents of the latest files uploaded on the dark web, part of the World Wide Web that is accessible only with special software.

Medibank did not immediately respond to a Reuters question about whether it believed all stolen data had now been released.

Australian Federal Police last month said Russia-based hackers were behind the Medibank cyberattack, which compromised the details of almost 10 million current and former customers. Medicare revealed the breach on October 13.

In an update on Thursday morning, Medibank said there were currently no signs that banking data had been stolen. Personal details accessed by hackers were not enough to enable financial fraud, it added.

Six zipped files placed in a folder called “full” and containing raw data believed to have been stolen had been uploaded, Medibank said in a statement.

Australia has been grappling with a recent rise in cyber attacks. At least eight companies, including telecoms company Optus, owned by Singapore Telecommunications, have reported breaches since September.

The OAIC, which is also investigating Optus over the breach, did not immediately respond to a Reuters request for comment on the Medibank investigation.

Technology experts have said Australia has become a target for hackers just as a skills shortage leaves an understaffed, overworked cybersecurity workforce ill-equipped to stop attacks.

© Thomson Reuters 2022


Affiliate links may be automatically generated – see our ethics statement for details.