‘Case closed’: Medibank hackers release more customer information in massive file dump

By Colin Kruger

The criminals who stole information on Medibank Private’s entire customer base have released a massive data file overnight with more sensitive customer data. But they have also hinted that this could be the last as Australia’s largest private health insurer continues to refuse to pay a $US10 million ($15 million) ransom.

In the early hours of this morning, the hackers made an update to the dark web blog that has been used to release information saying: “Happy Cyber Security Day!!! Added folder full. Case closed.”

The hackers have released a massive file overnight that they say contains the information of Medibank customers. Credit: Steven Siewart

A file called “Full” that contained six zipped files of raw data was added to one of the mirror sites. At a size of six gigabytes, it is much larger than any of the previous releases. There are fears the data dump is the entirety of what the hackers accessed.

The hackers have already moved on to fresh victims, with the blog site posting data allegedly stolen from a US medical group, Sunknowledge Services, and a US school this week.

Medibank said it is still analysing the data released this morning but said it appears to be customer information stolen by the hackers.

“The raw data we have analysed today so far is incomplete and hard to understand,” it said this morning.

“Unfortunately, we expected the criminal to continue to release files on the dark web.”

Medibank reiterated that there are no signs that financial or banking data has been taken. It also says the personal data accessed is not, by itself, sufficient to enable identity and financial fraud.


“We are remaining vigilant and are doing everything we can to ensure our customers are supported. It’s important everyone stays vigilant to any suspicious activity online or over the phone,” Medibank chief executive David Koczkar said.

Meanwhile, the Russian Ministry for Foreign Affairs has condemned accusations by the Australian government that link it to the hackers involved in the Medibank attack.

“Australia has picked up the baton in the anti-Russia media campaign. This is the only explanation for its unsubstantiated and politicised allegations of Russian cyberattacks on Medibank,” the official Twitter account of the ministry said this morning.

“We strongly condemn such practices.”

Last month, the Australian Federal Police (AFP) Commissioner Reece Kershaw named Russia as the home of the hacking group that is demanding a ransom payment from Medibank after it stole the personal details of millions of customers. This publication has been told that authorities believed the REvil group was involved, pointing to one of Russia’s most active ransomware gangs.

Government Service Minister Bill Shorten told ABC’s RN Breakfast that the latest development was “shocking”.

“The people who’ve hacked Medibank are absolute criminal lowlifes,” he said.

“If people think that any government ID has been in any way breached, or they’re aware of it, contact us.”

“From our end, we’re just going to have to muscle up and put whatever resources we need in to protect people’s information.”

It is the first release of data in more than a week, with the dark web blog site offline for most of last week.

The hackers have drip-fed sensitive health information about Medibank customers on the dark web in an attempt to pressure the company into paying a ransom, which the insurer has refused to pay.

The hackers accessed the health claims data for about 160,000 Medibank customers, 300,000 ahm customers and 20,000 international customers.

Medibank later confirmed to this publication that the customers of its budget ahm brand have been the only policyholders whose private health data has been released by hackers who stole information on its entire customer base in October.

It also said that a substantial amount of the information the hackers released has been wrong, suggesting the cyber criminals have had a tough time properly extracting information from the stolen data.

Medibank confirmed that its analysis has shown about 25 per cent of records released on the dark web did not match its customers’ policy details.

More to come

Source: Thanks smh.com