Hackers began exposing stolen confidential medical records from a major Australian insurance company on Wednesday, November 9, 2022.
Medibank, one of Australia’s largest private insurers, has told its investors and customers that a “sample” of data on about 9.7 million customers has been posted on a “dark web forum”. Names, passport numbers, dates of birth, addresses and medical information are among the personal details released anonymously on Wednesday morning.
“The files represent a sample of data that we previously determined the perpetrator had access to,” the company said in a statement to the Australian Securities Exchange. “We expect the perpetrator to continue posting files on the dark web,” she continued.
Information posted on the forum
The data leak was posted on a forum that cannot be found using normal browsers. “We will continue to publish partial data,” the hackers on the forum warned.
The company said on Monday that a cyber attack allowed access to the names, dates of birth, addresses, phone numbers and emails of its customers. An anonymous netizen stated on a hacker blog on Tuesday that “the data (will) be released in 24 hours” and the message was widely picked up by local media.
Medibank then urged its customers to be “vigilant” in the face of this “alarming” threat, released the day after the insurance company ruled out paying the ransom.
Cybercrime experts calculated that paying the ransom had only a “limited chance” of securing the return of stolen data, Medibank chief executive David Kochkar said at the time, adding that it could facilitate outright extortion by his clients.
The Medibank hack comes after a September attack on the country’s second-largest mobile operator, Optus, that leaked the personal data of about nine million Australians, nearly a third of the population.