Sign Up
..... Connect Australia with the world.
Categories

Posted: 2022-11-09 17:49:49

Some of the stolen Medibank customer data has been leaked online after Australia's largest health insurance provider refused to pay a ransom to hackers. 

Here's the latest. 

Are hackers really releasing Medibank data on the dark web?

Yes.

Medibank has confirmed information it believes was stolen from their systems has been posted to a dark web forum.

So far the data released includes names, addresses, dates of birth, phone numbers, email addresses, Medicare numbers and in some cases passport numbers and health claims data.

The group says it will continue to post more data in coming days.

Why are they releasing the information?

The group had demanded an unknown amount of money from Medibank in exchange for not releasing the data.

Medibank won’t say how much the hackers wanted, only that the ransom was made a few weeks ago.

The deadline to pay was midnight on Tuesday.

Why didn’t Medibank just pay the ransom?

The amount of money the hackers demanded is “irrelevant”, according to Medibank chief executive David Koczkar.

Both he and Cyber Security Minister Claire O’Neil say paying the ransom could potentially put more Australians at risk, with no guarantee the data would even be returned.

Paying the money “only fuels the ransomware business model”, says Ms O’Neil.

So, what happens now?

The FBI is helping the Australian Federal Police (AFP) track down those responsible for both the Medibank and Optus data breaches.

Operation Guardian — the AFP investigation set up after 10,200 Optus customer records were published online — has so far made one arrest, a 19-year-old from Sydney

He's since pleaded guilty to blackmail, but he's not the person who initially leaked the information

Beyond that, the investigation is continuing, with AFP cybercrime Assistant Commissioner Justine Gough saying they're "aggressively pursuing all lines of inquiry".  

Space to play or pause, M to mute, left and right arrows to seek, up and down arrows for volume.
Play Video. Duration: 4 minutes 20 seconds
Medibank refuses to pay ransom for hacked data

But how did we get to this point? 

Medibank first alerted the public to the breach on October 13 — at the time it said there was no evidence sensitive data had been accessed. 

View More
  • 0 Comment(s)
Captcha Challenge
Reload Image
Type in the verification code above