Medibank Data Breach: Hackers Threaten to Release Data Within 24 Hours

Australian health insurance company, Medibank announces that it would not be fulfilling the ransom demands of the threat group or individual involved in the mid-October data breach. The insurance company confirmed this less than a day after the breach. The threat actor, claiming to have possession of the data is now threatening the company to release it within 24 hours if the ransom demand is not made. 

A day before this announcement, on November 7, Medibank confirmed that its 9.7 million current and former customers had their basic personal data accessed by hackers. The victims include 5.1 million Medibank customers, 2.8 AHM and 1.8 million international customers. 

The accessed data involved victims’ names, date of birth, addresses, phone numbers and email addresses. 

Medibank adds that along with the personal information, the hackers had access to the health claims data for 16,000 of its customers, 300,000 AHM customers and 20,000 international customers.

For the first time, Medibank confirmed they believed that the data was not just accessed but could have been taken by the criminal or criminals involved. The health insurer yesterday said it would not pay any ransom to the hackers. Medibank made a public statement, refusing to be paying the ransom demand. 

In the message, the supposed hacker quotes Confuscious, implying Medibank is making a "mistake" by not paying the ransom. The malicious actor then said that they would release the data within the next 24 hours, and advised readers to "sell Medibank stock". 

Around midnight, the threat actor or group posted a ransom demand to its dark web blog, “data will be public [sic] in 24 hours.” “P.S. I recommend to sell Medibank [sic] stocks,” the post further read. 

By the close of trade on Tuesday, the insurance company’s shares went down by 21 percent from AU$3.51 to AU$2.78 in the last three weeks, following the announcement of the data breach. 

Medibank called the threat to release the data “distressing developments.” 

Following the data breach, David Koczkar, CEO of Medibank, apologized to those affected, saying that "We unreservedly apologize to our customers. We take seriously our responsibility to safeguard our customers and support them. The weaponization of their private information is malicious, and it is an attack on the most vulnerable members of our community."  

After the threat surfaced, Medibank contacted its customers, warning them of possible scam and direct phishing attacks. The company also urged all those who were victims of cybercrime or had been contacted by someone claiming to have their data to report it to the Australian Cyber Security Centre. 

Moreover, Medibank continues to work with the Australian Government, along with the Australian Cyber Security Centre and the Australian Federal Police to investigate the cyberattack and prevent the leak and selling of its customer's stolen data.