December 2, 2022

The cybercriminals behind the Medibank ransomware attack appear to have published the rest of the data stolen from the Australian health insurance giant on the dark web, which appears to contain all of the data they took in a heist that affected 9.7 million customers.

While the Australian insurance group confirms the release of six zipped files of data, government officials reiterate the long-overdue need to overhaul the country’s cyber strategy.

On Thursday morning, the blog, which had been offline for several days earlier in the week, posted, “Happy Cyber Security Day!!!” Full folder was added. “The case is closed.” and included a file containing several compressed files totaling more than 5GB.

Customers’ names, birth dates, passport numbers, information on medical claims, and sensitive files related to abortions and alcohol-related illnesses were previously published by the cybercriminals.

Parts of the data released include correspondence between the cybercriminals and Medibank CEO David Koczkar, including a message in which the hackers threaten to leak “keys for decrypting credit cards,” despite Medibank’s claim that no banking or credit card information was accessed.

Medibank said on Thursday that it was analyzing the data released, but that the files appeared to contain customer information that had been compromised in the breach. According to the cybercriminals, they released the data after Medibank refused to pay their $10 million ransom demand, which was later reduced to $9.7 million, or $1 per affected customer.

The sources for this piece include an article in ZDNET.