Hacker may release more data: Medibank
Australian health insurer says customer details already on dark web
Australia's biggest health insurer Medibank Private Ltd, recently hit by a massive cyber hack, said on Wednesday the hacker could release more stolen data after the company refused to make ransom payments.
Some names, addresses, phone numbers, email addresses, passport numbers of international students and health claims data stolen from Medibank's systems have already been released on a dark web forum, the company said in a statement.
"We expect the criminal to continue to release files on the dark web," it said.
Local media has reported the stolen data was posted on a blog linked to ransomware crime group REvil.
Medibank is Australia's largest private health insurer and the hack is likely to include some of the country's most influential and wealthy individuals.
Prime Minister Anthony Albanese said his government was working with investigators on the cyber hack, the latest in a string of data breaches which have rocked corporate Australia.
"This is really tough for people. I'm a Medibank private customer as well, and it will be of concern that some of this information has been put out there," Albanese said during a media briefing.
It was not immediately clear whether the hacker has access to the prime minister's medical or personal details.
Data of around 9.7 million current and former customers were compromised, Medibank has said.
Medibank shares have plunged 22 percent since the hack was revealed by the company on October 13. Shares were up nearly 2 percent in late morning trade on Wednesday.
Medibank's decision not to pay a ransom is consistent with the government's advice, Federal Cyber Security Minister Clare O'Neil said in a statement on Wednesday. She urged impacted customers to be on high alert for extortion attempts.
Medibank Chief Executive David Koczkar described the incident as "a criminal act" on Wednesday.
The hackers also uploaded what they said were a series of messages sent to Medibank in the days before the leak.
"We will do everything in our power to inflict as much damage as possible for you, both financial and reputational," one message from the hackers read.
Australia has seen a spike in cyberattacks with at least eight companies, including Singapore Telecommunications-owned telecoms company Optus, reporting breaches since September.
Technology experts have said Australia has become a target for hackers just as a skills shortage leaves an understaffed, overworked cybersecurity workforce ill-equipped to stop attacks.
Some names, addresses, phone numbers, email addresses, passport numbers of international students and health claims data stolen from Medibank's systems have already been released on a dark web forum, the company said in a statement.
"We expect the criminal to continue to release files on the dark web," it said.
Local media has reported the stolen data was posted on a blog linked to ransomware crime group REvil.
Medibank is Australia's largest private health insurer and the hack is likely to include some of the country's most influential and wealthy individuals.
Prime Minister Anthony Albanese said his government was working with investigators on the cyber hack, the latest in a string of data breaches which have rocked corporate Australia.
"This is really tough for people. I'm a Medibank private customer as well, and it will be of concern that some of this information has been put out there," Albanese said during a media briefing.
It was not immediately clear whether the hacker has access to the prime minister's medical or personal details.
Data of around 9.7 million current and former customers were compromised, Medibank has said.
Medibank shares have plunged 22 percent since the hack was revealed by the company on October 13. Shares were up nearly 2 percent in late morning trade on Wednesday.
Medibank's decision not to pay a ransom is consistent with the government's advice, Federal Cyber Security Minister Clare O'Neil said in a statement on Wednesday. She urged impacted customers to be on high alert for extortion attempts.
Medibank Chief Executive David Koczkar described the incident as "a criminal act" on Wednesday.
The hackers also uploaded what they said were a series of messages sent to Medibank in the days before the leak.
"We will do everything in our power to inflict as much damage as possible for you, both financial and reputational," one message from the hackers read.
Australia has seen a spike in cyberattacks with at least eight companies, including Singapore Telecommunications-owned telecoms company Optus, reporting breaches since September.
Technology experts have said Australia has become a target for hackers just as a skills shortage leaves an understaffed, overworked cybersecurity workforce ill-equipped to stop attacks.
RELATED ARTICLES
