Medibank hack: Massive data file released

Medibank reiterated that there are no signs that financial or banking data has been taken. It also says that the personal data accessed, by itself, is not sufficient to enable identification and financial fraud.

“We are remaining vigilant and are doing everything we can to ensure our customers are supported. It’s important everyone stays vigilant to any suspicious activity online or over the phone,” Medibank chief executive David Koczkar said.

Meanwhile, the Russian Ministry for Foreign Affairs has condemned accusations by the Australian government that link it to the hackers involved in the Medibank attack.

“Australia has picked up the baton in the anti-Russia media campaign. This is the only explanation for its unsubstantiated and politicized allegations of Russian cyberattacks on medibank,” the ministry’s official Twitter account said this morning.

“We strongly condemn such practices.”

Last month, Australian Federal Police (AFP) Commissioner Reece Kershaw named Russia as the home of the hacking group that is demanding a ransom payment from Medibank after it stole the personal details of millions of customers. This publication has been told that authorities believed the REvil group was involved, pointing to one of Russia’s most active ransomware gangs.

Government Service Minister Bill Shorten told ABC’s RN Breakfast that the latest development was “shocking”.

“The people who’ve hacked Medibank are absolute criminal lowlifes,” he said.

“If people think that any government ID has been in any way breached, or they’re aware of it, contact us.”

“From our end, we’re just going to have to muscle up and put whatever resources we need in to protect people’s information.”

It is the first release of data in more than a week, with the dark web blog site offline for most of last week.

The hackers have drip-fed sensitive health information about Medibank customers on the dark web in an attempt to pressure the company into paying a ransom, which the insurer has refused to pay.

The hackers accessed the health claims data for about 160,000 Medibank customers, 300,000 ahm customers and 20,000 international customers.


Medibank later confirmed that the customers of its budget ahm brand have been the only policyholders whose private health data has been released by the hackers, who stole information on the group’s entire customer base in October.

It also said that a substantial amount of the information the hackers released has been wrong, suggesting the cyber criminals had a tough time properly extracting information from the stolen data.

Medibank confirmed that its analysis has shown about 25 per cent of records released on the dark web did not match its customers’ policy details.

Leave a Comment