Go to listing page

Medibank Leak Hits Dark Web After it Denied Paying Cyber Ransom

Medibank Leak Hits Dark Web After it Denied Paying Cyber Ransom
Medibank’s data has finally been leaked by hackers.

Medibank suffered a data breach last month and had decided not to pay a cyber ransom. The company additionally announced that attackers had access to nearly ten million customer records. A cyber security ransomware group contacted Medibank Group on October 19 asking to negotiate with them.

On denying the ransom

  • David Koczkar, CEO of Medibank, said that even if Medibank pays the cyber ransom, it won't guarantee the return of our customers' data. It moreover won't prevent the attackers from publishing it.
  • In fact, they believed that paying the Medibank cyber attackers if they are paid might encourage them even more. It may also result in extortion attempts from the customers. 
  • In addition, there is a strong chance that paying the cyber ransom additionally puts more people in harm's way.

Medibank warns customers

  • The move of the health insurer of not paying the ransom to attackers meant that they could not go after customers directly, but that also leaves hackers with the only option to make the information public while warning the customers.
  • Medibank has warned all its customers and asked them to remain vigilant, as the attackers may publish customer data online or attempt to contact customers directly.

Data impacted

Medibank revealed that while the cyber attackers failed to access the credit card and banking details, they have important information about around half a million customers.
  • This includes the service provider's name and location, codes associated with diagnoses and procedures administered, and where customers were administered certain medical services.
  • The ransomware cyberattack allowed the attackers to access the names, birth dates, addresses, contact details, email addresses, and other miscellaneous information of about 9.7 million current and former customers and some of their approved representatives.
  • Medibank confirmed that primary identity documents, such as driver's licenses, were not accessed for most of its clients. However, the visa details of around 1.8 million international customers that permit them to reside in Australia now stand exposed.
  • The ID numbers of 2.8 million customers of the Australian national health scheme (Medicare) were additionally breached during the Medibank cyber attack.

Closing lines

The incident is still under investigation by the Australian authorities, however, no one has been blamed. Medibank hasn't provided a thorough justification for how the attackers managed to get past its safeguards, other than to concur with the assumption that the first step an attacker took before stealing data was to corrupt the credentials of authorized users.

Customers are still given support by Medibank, including payments for new identification documents. To improve its capacity to defend its clients against potential cyberattacks, the insurance company has chosen to hire an outside team to review the robustness of the existing cyber infrastructure.
Cyware Publisher