Medibank has warned more customer data stolen by hackers, including passport numbers, will be uploaded to the dark web after the first files were dropped overnight.
The data trickle includes names, birthdates, addresses, email addresses, phone numbers, health claims information, Medicare numbers for Medibank’s ahm customers and passport numbers for international student clients.
There are grave concerns digital criminals will exploit the data, which began appearing on a ransomware group’s blog in the early hours of Wednesday under “good-list” and “naughty-list”.
“The files appear to be a sample of the data that we earlier determined was accessed by the criminal,” Medibank said on Wednesday.
“We expect the criminal to continue to release files on the dark web.”
Medibank has promised to tell customers what data it believes has been stolen, if any of their data is included in the files on the dark web and give advice on what to do.
“We unreservedly apologise to our customers,” CEO David Koczkar said.
“This is a criminal act designed to harm our customers and cause distress.”
Prime Minister Anthony Albanese, who has publicly revealed he is a Medibank client, said it was a “tough” time for the insurer’s customers.
“The company has followed the guidelines effectively,” he told reporters in Canberra.
“We are concerned and we will continue to monitor what is occurring.
“We need to keep people’s information as safe as possible. There has been a real wake-up call for corporate Australia with both this breach and also the Optus breach.”
Medibank had rejected hacker demands it pay a ransom in return for the data not being released.
The ransomware group indicated, according to the post seen by AAP, it was releasing data bit by bit because of its complexity.
“Looking back that data is stored not very understandable format (table dumps) we’ll take some time to sort it out,” the post accompanying the lists said.
“We’ll continue posting data partially, need some time to do it pretty.”
The hackers also appeared to have released screenshots of private messages recently exchanged with Medibank representatives.
Medibank has previously confirmed details of almost 500,000 health claims have been stolen, along with personal information, after the unnamed group hacked into its system weeks ago.
Some 9.7 million current and former customers have been affected.
No credit card or banking details were accessed.
Assistant Treasurer Stephen Jones branded the hackers “scumbags”.
“They’re scumbags, they’re crooks, they’re criminals and we shouldn’t be paying ransom,” he told Sky News on Wednesday.
A recent report found 19 per cent of Australian companies had responded to ransomware attacks by paying a ransom.
Mimecast’s 2022 State of Ransomware Readiness report says 20 per cent of companies were asked to pay between $500,000 and $999,999 for their information.
Some 13 per cent of the businesses surveyed said the total cost of the ransomware attacks they’d experienced was between $1 million and $2 million.
