Sign Up
..... Connect Australia with the world.
Categories

Posted: 2022-11-10 21:53:39

“But we warned you. we always keep our word, if we wouldn’t receive a ransom - we should post this data, because nobody will believe us in the future.”

Medibank chief executive David Koczkar, said they expect this to be a daily occurrence with the hackers clearly enjoying the notoriety.

“The relentless nature of this tactic being used by the criminal is designed to cause distress and harm,” he said.

“These are real people behind this data and the misuse of their data is deplorable and may discourage them from seeking medical care.”

Koczkar said Medibank remains committed to fully and transparently communicating with customers and we will be contacting customers whose data has been released on the dark web.

Cybersecurity Minister Clare O’Neil told Nine’s Today show this morning that she has had some “direct conversations” with Medibank about the company’s failure to protect customers’ confidential information.

“I would say across the Australian community, we have been in a slumber about cybersecurity threats that face us. We need to wake up from the slumber. This is the crime type of the future,” she said.

The first wave of files dropped on Wednesday included names, birthdates, addresses, email addresses, phone numbers, health claims information, Medicare numbers for Medibank’s ahm customers, and passport numbers for international student clients.

The first wave of files dropped on Wednesday included names, birthdates, addresses, email addresses, phone numbers, health claims information, Medicare numbers for Medibank’s ahm customers, and passport numbers for international student clients.Credit:Steven Siewert

O’Neil also lamented the leak of data on abortions this week as particularly inhumane.

“It is just completely lacking in humanity what these cyber thugs are doing to innocent Australians right now. Some deeply personal information of Australian women, in particular, has been leaked online. I know for every woman across the country, that will cut deeply. People’s decisions about terminations are private, they are personal, they are unique to that woman.”

The criminals have made good on threats to weaponise the customer data if Medibank failed to pay the ransom.

In communications with Medibank during negotiations - which have since been posted to the blog - the hackers warned they would “regularly post data every day and support the news feed.”

There may be a limit on the data they are willing to release, as this sensitive data effectively becomes worthless for the hackers while increasing the possible damages to Medibank from any class action lawsuit. Bannister Law Class Actions and Centennial Lawyers launched a class action on Monday on behalf of affected customers.

The details of Medibank customers were posted on a blog that has been linked to REvil, a ransomware gang with strong Russian links.

The group claimed on Thursday it had demanded a ransom of $US1 for each of Medibank’s 9.7 million affected customers, for a total of $US9.7 million ($15 million).

Home Affairs Minister Clare O’Neil told parliament on Thursday the government was standing by Medibank customers, who were entitled to have their information kept private after the “morally reprehensible and criminal” attack.

“I want the scumbags behind this attack to know that the smartest and toughest people in this country are coming after you,” she said.

The minister spoke with Medibank chief executive David Koczkar twice on Thursday to “make clear” that Medibank was expected to be the primary support for affected customers.

“Principal responsibility for providing services and support falls to Medibank. This is the duty they owe their customers,” she said.

“That is why we requested that Medibank operate a one-stop-shop model, to assist citizens in accessing the support that has been made available across Medibank, the civil sector and state and federal governments. This is complemented by additional government services, and law enforcement action.”

“I don’t want Australians to have to circulate 14 government departments or areas of Medibank in order to get what they deserve and need,” O’Neil said.

The first wave of files dropped on Wednesday included names, birthdates, addresses, email addresses, phone numbers, health claims information, Medicare numbers for Medibank’s ahm customers, and passport numbers for international student clients.

Loading

Medibank has confirmed details of almost 500,000 health claims have been stolen, along with personal information, after the group hacked into its system last month.

No credit card or banking details were accessed.

Koczkar said the data release could discourage people from seeking medical care.

AFP Commissioner Reece Kershaw told a Senate estimates committee on Tuesday that they would “relentlessly pursue” the criminals. The FBI is assisting with the investigation.

“I can’t go into the specifics of the investigation but obviously having the strong linkage that we have with the bureau (FBI) … is a positive in a sense of tracking down those people responsible.”

Opposition cyber security spokesman James Paterson said anyone who is contacted by a person purporting to have access to their data should immediately report it to authorities.

Senator Paterson has proposed a “safe harbour” provision - involving the nation’s cyber security agency, the Australian Signals Directorate, to give companies time in the immediate aftermath of an attack to respond to the crisis without worrying about legal and privacy ramifications.

with AAP

The Business Briefing newsletter delivers major stories, exclusive coverage and expert opinion. Sign up to get it every weekday morning.

View More
  • 0 Comment(s)
Captcha Challenge
Reload Image
Type in the verification code above