Selloff or Market Correction? Either Way, Here's What to Do NextSee Overvalued Stocks

Hackers dump more customer data from Australian insurer Medibank

Published 11/30/2022, 08:24 PM
Updated 12/01/2022, 04:11 PM
© Reuters. FILE PHOTO: FILE PHOTO: An illuminated sign is seen outside a branch of the Australian health insurer Medibank Private in Sydney October 20, 2014. REUTERS/David Gray/File Photo/File Photo

By Renju Jose

SYDNEY (Reuters) -Medibank Private Ltd, Australia's biggest health insurer, said on Thursday hackers had released more of its stolen medical records, as the media reported that the complete set of data on millions of customers was now public.

The Office of the Australian Information Commission (OAIC), the country's privacy regulator, has also begun investigating how the company handles personal information, Medibank said in a statement.

The latest release on the dark web follows progressive uploads, including records of customers' mental health and alcohol use, that began after Medibank said on Nov. 7 it would not pay a ransom.

"The raw data we have analysed today so far is incomplete and hard to understand," chief executive David Koczkar said. "While there are media reports of this being a signal of 'case closed', our work is not over."

On Thursday, the media reported that a blog, believed by cyber experts to be used by the hackers, carried a new post: "Happy Cyber Security Day!!! Added folder full. Case closed." It also included a file that had several compressed files amounting to more than 5 gigabytes.

Reuters has not verified the contents of the latest files uploaded on the dark web, part of the World Wide Web that is accessible only with a special software.

Medibank did not immediately respond to a Reuters question whether it believed all stolen data had now been released.

Australian Federal Police last month said Russia-based hackers were behind the Medibank cyberattack, which compromised the details of almost 10 million current and former customers. Medicare revealed the breach on Oct. 13.

In an update on Thursday morning, Medibank said there were currently no signs that banking data had been stolen. Personal details accessed by hackers were not enough to enable financial fraud, it added.

Six zipped files placed in a folder called "full" and containing raw data believed to have been stolen had been uploaded, Medibank said in a statement.

Australia has been grappling with a recent rise in cyber attacks. At least eight companies, including telecoms company Optus, owned by Singapore Telecommunications, have reported breaches since September.

© Reuters. FILE PHOTO: FILE PHOTO: An illuminated sign is seen outside a branch of the Australian health insurer Medibank Private in Sydney October 20, 2014. REUTERS/David Gray/File Photo/File Photo

The OAIC, which is also investigating Optus over the breach, did not immedietely respond to a Reuters request for comment on the Medibank investigation.

Technology experts have said Australia has become a target for hackers just as a skills shortage leaves an understaffed, overworked cybersecurity workforce ill-equipped to stop attacks.

Latest comments

Risk Disclosure: Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.
© 2007-2024 - Fusion Media Limited. All Rights Reserved.