Medibank Hackers Upload More Customer Data, Says ‘Case Closed’

Medibank, Australia’s largest health insurer, said on Thursday that hackers had released dozens of stolen medical records, as media reported that the entire collection of data on millions of customers was now public.

The Australian Information Commission (OAIC), the country’s privacy regulator, has begun investigating how the company handles personal data, Medibank said in a statement.

The latest release on the dark web follows a series of uploads, including records of customers’ mental health and alcohol use, which began after Medibank said on November 7 it would not pay the ransom.

“The raw data we analyzed today is incomplete and difficult to understand,” said CEO David Koczkar. “Despite media reports that this is a ‘case closed’ sign, our work is not over yet.”

On Thursday, the media reported that the site, believed by computer experts to be used by hackers, had a new message: “Happy Cyber ​​​​Security Day!!! Additional folder is full. Case closed.” It also included a file that contained several compressed files totaling more than 5 gigabytes.

Reuters has not verified the content of recent files uploaded to the dark web, a part of the World Wide Web accessible only through special software.

Medibank did not immediately respond to a Reuters question about whether it believed all of the stolen data had been released.

The Australian Federal Police said last month that Russian hackers were behind the Medibank cyberattack, which compromised the information of nearly 10 million current and former customers. Medicare disclosed the breach on October 13.

In a statement issued on Thursday morning, Medibank said there are currently no signs that bank details have been stolen. The personal details accessed by the hackers were not enough to enable financial fraud, it added.

Six zip files placed in a folder named “full” and containing raw data believed to have been stolen were uploaded, Medibank said in a statement.

Australia has been experiencing a recent increase in cyber attacks. At least eight companies, including telecommunications company Optus, which is owned by Singapore Telecommunications, have reported breaches since September.

The OAIC, which is also investigating Optus for breaches, did not immediately respond to Reuters’ request for comment on the Medibank investigation.

Technology experts say Australia has become a haven for hackers as a skills shortage leaves an understaffed, overworked cybersecurity workforce ill-equipped to stop attacks.

© Thomson Reuters 2022

Affiliate links may be created automatically – see our ethics statement for details.


Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: