Medibank chief executive David Koczkar apologised for the latest developments.
“This is a criminal act designed to harm our customers and cause distress,” he said.
“We take seriously our responsibility to safeguard our customers, and we stand ready to support them.”
One of those customers is Prime Minister Anthony Albanese.
Prime Minister Anthony Albanese has praised Medibank for not giving in to ransom demands.Credit:Alex Ellinghausen
“This is really tough for people. I am a Medibank Private customer as well, and it will be of concern that some of this information has been put out there,” Albanese said at a press conference on Wednesday morning.
“Can I say this, though? The company has followed the guidelines effectively. The advice is to not engage in a ransom payment. If you go down this road, then you end up with more difficulties potentially across a wider range.
“But we will, through [Home Affairs Minister] Clare O’Neil, be responding extensively about this. We are concerned and we will continue to monitor what is occurring.”
The details were posted early on Wednesday morning on the dark web under “good-list” and “naughty-list” on a blog that has been linked to REvil, a ransomware gang with strong Russian links.
UNSW Institute for Cyber Security Enterprise director Nigel Phair said the goal of these criminals was ultimately to make money from the data. This means the public dumping of all their information is unlikely.
“To me, they’re [acting like] the crack cocaine salesman by giving a little taste of what they’ve got for free,” he said.
Phair said this leak might just be a final extortion attempt with Medibank before moving to the next step – cashing in on using the data for identity fraud.
“[This] might also be a signal to other criminal groups that they actually do have the right data. And so, if they want to wholesale it with another criminal group, they’re actually proving their bona fides that they have actually got it. They’re not just making it up.”
The home affairs minister hit out at the “scumbag” hackers, describing the ransomware group as “disgraceful human beings”.
She urged social media users not to republish anybody’s leaked health information.
“I know you will not do that because that would be enabling and supporting the scumbags who are at the heart of these crimes,” she said.
O’Neil, the minister responsible for cybersecurity, said she was aware millions of Medibank customers were waking up “angry and fearful” on Wednesday about what would happen to their data. However, she defended the company for not paying a ransom to the hackers, saying this decision was in line with government advice.
The hackers warned early on Tuesday morning that they would release the data in 24 hours. It came one day after Medibank said it would not pay a ransom because that would encourage further crime.
The group posted the first lists in the early hours of Wednesday morning.
“Looking back that data is stored not very understandable (sic) format (table dumps) we’ll take some time to sort it out,” they said.
“We’ll continue posting data partially, need some time to do it pretty.”
The hackers also appeared to have revealed screenshots of private messages recently exchanged between themselves and Medibank representatives.
The first purported message is from October 19 when the original ransom note was sent. The final message is from November 7 when Medibank said it would not pay the ransom. Medibank has been contacted for confirmation that these messages are real.
The post included references to information from the original ransom note which was sent to Medibank and this masthead. This includes a reference to Confluence. It is a ubiquitous tool, made by Australian technology giant Atlassian, that companies use to store essential documentation on how their computer systems work.
Loading
“We’ll continue posting data partially, including confluence [sic], source codes, list of stuff and some files obtained from medi filesystem [sic] from different hosts.”
Medibank revealed on Monday that the data of 9.7 million current and former customers was stolen by the hackers last month.
The most serious breach was for about 500,000 customers who have had private health information stolen, including health claims and personal information.
No credit card or banking details were accessed.
On Tuesday, the ransomware group posted to its blog that “data will be publish [sic] in 24 hours”.
“P.S. I recommend to sell [sic] medibank stocks.”
Medibank has lost more than $1 billion in market value since the hacking incident, and its shares closed just short of two-year lows on Tuesday at $2.78.
But the latest news did not concern the market despite the potential higher damages from a class action lawsuit that was announced this week. Medibank shares were trading 1.1 per cent higher at $2.81 shortly after 1pm AEDT on Wednesday.
Australian Federal Police commissioner Reece Kershaw revealed at a Senate estimates hearing on Tuesday that the FBI is assisting the AFP in tracking down those behind the Medibank and Optus data breaches, saying the investigations would be long and complex.
“The longer it takes relevant agencies to be informed, the harder it is for perpetrators to be identified, disrupted or brought to justice,” he told senators.
The Business Briefing newsletter delivers major stories, exclusive coverage and expert opinion. Sign up to get it every weekday morning.









Add Category