Medibank hackers release more data
The ransomware group dumped a fifth tranche of customer-sensitive information on the dark web overnight after the company earlier this month refused to pay a $US10 million ($15 million) ransom to get it back.
“Added more files psycho.csv, hiv.csv, viral_hepatitis.csv, std.csv, …,” they said in a post on Sunday seen by AAP.
It is believed that the latter files do not contain information about treatments for sexually transmitted diseases and are another example of hackers trying to spread fear.
Treasurer Jim Chalmers said the hacker group’s behavior was despicable.
“These people are complete grubs – plain and simple,” he said on Sunday in Brisbane.
“We all have an interest in stamping out this despicable, despicable, dirty act of the kind that we’ve seen overnight.”
Medibank said the data comprised four files containing 1,496 records and noted that 123 records were from the previous files released. In addition, 375 of the records do not match.
“We are conducting further analysis of the files today to determine their accuracy. Previous files released have not matched our records,” it said.
Medibank confirmed that there was information on chronic conditions such as heart disease, diabetes and asthma, people with cancer and people with mental disorders, including delirium, and other conditions.
“Again, I apologize unreservedly to our customers,” Medibank CEO David Koczkar said in a statement.
He warned that there were real people behind the data.
“Anyone who downloads this data from the dark web, which is more complicated than searching for information in a public Internet forum and tries to profit from it, is committing a crime,” Koczkar said.
Medibank also reminded customers affected by the data theft that they can get help through their Cyber Response Support Program.
This includes support for mental health and wellbeing, identity protection and financial hardship.
“We remain committed to communicating fully and transparently with customers, and we will continue to contact customers whose data has been released on the dark web,” Koczkar said.
The hackers had not posted any new files since November 13, when they announced they were taking a one-week hiatus “in the hope that something meaningful happens” in terms of ransom demands.
Last week at Medibank’s annual meeting in Melbourne, executives stood by the decision not to pay ransom to the hackers, saying it would only encourage other criminals and more hackers.
Medibank also increased its customer support team by more than 300 people.
The Australian Federal Police is investigating the hack.