Following its refusal to pay a ransom, Medibank confirmed on Thursday that the threat actors responsible for the devastating cyberattack have posted another data dump of information taken from its systems on the dark web.
“We are in the process of analyzing the data, but the data released appears to be the data we believed the criminal stole,” the Australian health insurer said.
“While our investigation continues there are currently no signs that financial or banking data has been taken. And the personal data stolen, in itself, is not sufficient to enable identity and financial fraud. The raw data we have analyzed today so far is incomplete and hard to understand.”
The disclosure comes over a month after the business disclosed that, as a result of a ransomware incident in October 2022, personal information belonging to about 9.7 million of its current and past customers was accessed.
Included in these are 5.1 million Medibank clients, 2.8 million ahm clients, and 1.8 million foreign clients. Health claims for around 160,000 Medibank clients, 300,000 ahm consumers, and 20,000 overseas customers could also be accessed.
The most recent dataset, which was uploaded as six ZIP archive files, contains information about health claims, though Medibank noted that much of the data is fragmented and hasn’t been integrated with client names and contact information.
The perpetrators of the attack are suspected to be located in Russia and connected to the REvil ransomware group, which staged a return earlier this May.
The development also coincides with the Office of the Australian Information Commission (OAIC) announcing an investigation into Medibank’s data handling practices in connection with the security incident.
The telecom behemoth Optus is already the subject of a similar investigation to see if the organisation “took reasonable efforts to secure the personal information they stored against misuse, interference, loss, unauthorised access, modification, or disclosure” after a breach in late September 2022.
The large-scale data breaches have also caused the Australian government to enact new legislation, which can result in businesses being fined up to AU$50 million for major or persistent data breaches.
Check out our new Discord Cyber Awareness Server. Stay informed with CVE Alerts, Cybersecurity News & More!
Remember, CyberSecurity Starts With You!
- Globally, 30,000 websites are hacked daily.
- 64% of companies worldwide have experienced at least one form of a cyber attack.
- There were 20M breached records in March 2021.
- In 2020, ransomware cases grew by 150%.
- Email is responsible for around 94% of all malware.
- Every 39 seconds, there is a new attack somewhere on the web.
- An average of around 24,000 malicious mobile apps are blocked daily on the internet.