Medibank has made headlines once again, with cyber criminals releasing more customer data onto the dark web, along with a rather disturbing message.
On Wednesday evening, the hacking group “Revel” reportedly dumped more private data onto the dark web in a twisted attempt to celebrate “Happy Cyber Security Day!”
They added the phrase “Added folder full. Case closed,” prompting media to believe the saga had finally come to a close.
However, that data is still out there for cyber criminals to take advantage of. With no one yet having been held accountable for the pain and anxiety which Medibank customers have faced, the crisis appears to be anything but over.
Where it all began
In October, the Australian private health insurance provider announced it had been hit by a “cyber incident” after it detected unusual activity on its network.
Medibank CEO David Koczkar’s first comments on the hack were in recognition that the news might “concern” some people. Less than a week later, the insurance giant revealed it had been contacted by a group which was interested in negotiations regarding the removal of the customer data which had been stolen.
The next day, the group which claimed responsibility for the attack sent a ransom note, threatening to leak the sensitive information which they’d stolen.
“We offer to start negotiations in another case we will start realising our ideas like 1. Selling your Database to third parties 2. But before this we will take 1k most media persons from your database (criteria is: most followers, politicians, actors, bloggers, LGBT activists, drug addictive people, etc) Also we’ve found people with very interesting diagnoses. And we’ll email them their information,” the alleged hackers said in their demand.
Medibank also confirmed it had received a “sample” of the stolen data, believed to be that of their ahm and international student client data.
The cyber criminals were said to have stolen 200GB of data, which includes information about abortions, sexual health, drug addiction and other diagnoses like cancer.
At this point, the government also stepped in, with the Australian Signals Directorate’s Australian Cyber Security Centre and the Department of Home Affairs offering Medibank “significant support”.
In November, Home Affairs Minister Clare O’Neil warned the stolen data could continue to be “drip-fed” for months to come.
The “eye-watering” ransom price for the rest of the information was also revealed, with cyber attackers initially asking for $US10m, or about $15.6 million AUD.
Medibank refused to pay it, a decision backed by government, which had labelled the hackers as “scumbags”.
Only days later, it was also revealed the private details of staff from Medibank itself had also been affected, with hackers stealing their data as well.
The Australian Federal Police identified Russian cyber criminals as the “likely” culprits.
The worst was yet to come; less than a week later, hackers behind the attack released nearly 1500 records onto the dark web.
The saga came to an end – or what looked like an end – on the first day of Summer, after the dumping of thousands more records online.
Ms O’Neil and Attorney-General Mark Dreyfus confirmed on Thursday the federal government had been advised that potentially all the compromised Medibank customer data had now been released.
“The release of such sensitive and personal data is morally reprehensible,” the two Labor MPs said in a joint statement.
The Australian Signals Directorate first engaged Medibank on October 1, and the Australian Government stands with the victims of this cyber incident, they said.
Ms O’Neil and Mr Dreyfus said the agencies tasked with dealing with the breach met again on Thursday.
What’s next, and what can Medibank customers do?
People who’ve been affected by the breach should have received communications from Medibank themselves.
The Medibank website allows customers to enter a unique number they’ve been provided with to access tailored information about what to do from here.
Medibank’s advice and support for customers:
– Update your details, change your passwords, your payment methods and other contact details.
– Access to a cybercrime health and wellbeing line (1800 644 325) has been provided, with experienced councillors ready to help people who are struggling.
– Remain vigilant, keep updated through the Medibank website if there are any more advancements in the situation.
– Learn to recognise scams, be alert for phishing attacks and never give out passwords or sensitive information.
– If someone contacts you looking for money in exchange for your information, report them immediately.
Much like the events which followed the Optus data breach, a class action investigation has been started by law firms in an attempt to hold someone accountable for the data leaks.
Maurice Blackburn lawyers are inviting those affected to register on an online forum to join other victims in a group claim against the insurance company.