Medibank yesterday confirmed that 9.7 million Australians had had their basic personal information accessed by the hackers, including 5.1 million Medibank customers, 2.8 million AHM and 1.8 million international customers.
Names, dates of birth, addresses, phone numbers and email addresses were part of the data breach.
In addition, health claims data for 160,000 Medibank customers, 300,000 AHM customers and 20,000 international customers was accessible.
Critically, for the first time, Medibank confirmed they believed that the data was not just accessed but could have been taken by the criminal or criminals involved.
The health insurer yesterday said it would not pay any ransom to the hackers.
"You can't trust criminals," CEO David Koczkar said.
"The reality is, based on our expert advice, that this would increase the likelihood of the criminal using this data, exploiting further our customers, and also putting further Australians at risk by being known to pay ransoms."
It's that data that is now being discussed in dark web forums for potential release, with the alleged hacker quoting Confucius in their post, saying: "A man who has committed a mistake and doesn't correct it is committing another mistake."
Underneath that quote the post says: "Data will be publish in 24 hours. P.S I recommend to sell Medibank stocks."
The safest and most dangerous countries when it comes to cybersecurity
Attached to the post was a meme created online yesterday following Medibank's announcement, featuring two characters from Nintendo's Mario franchise, the Penguin acting as the extortion gang asking if the ransom would be paid, and Medibank as Bowser saying it would not. Interestingly, Bowser is the antagonist in the Mario world, so it's a turning of the tables in many ways.
It is understood that the hackers are using a dark web forum previously used by a group known as "revil" which was active in 2021 before going silent after many arrests were made by Russian authorities. The new group appears to be a reformation of that forum.
It's likely today's post is a further attempt to scare Medibank into paying the ransom.
All customers of Medibank and AHM should be on high alert for scam emails and SMS messages, and also for any messages threatening to release their personal information if a payment is not made. Any payment to a hacker is pointless as they will not remove or delete your information.
Medibank advises customers they have expanded their response, offering:
- A cybercrime health & wellbeing line (1800 644 325) – counsellors that have experience supporting vulnerable people (such as those at risk of domestic violence) and have been trained to support victims of crime and issues related to sensitive health information.
- Mental health outreach service – proactive support service for customers identified as being vulnerable, or through referral from Medibank's contact centre team.
- Better Minds App – new tailored preventative health advice and resources specific to cybercrime and its impact on mental health and wellbeing, including tools for managing anxiety and fear, with additional phone based psychological support available.
- Personal duress alarms – for customers particularly vulnerable and/or with safety risks.
https://news.google.com/__i/rss/rd/articles/CBMijwFodHRwczovL3d3dy45bmV3cy5jb20uYXUvbmF0aW9uYWwvbWVkaWJhbmstaGFjay1jeWJlci1hdHRhY2tlcnMtdGhyZWF0ZW4tdG8tcG9zdC1kYXRhLWFmdGVyLXJhbnNvbS1yZWZ1c2FsLzFmZTFlZjJlLWFjNDgtNDY2MC1hNWZmLWY3ZmRkYTc5YjQ2ONIBAA?oc=5
2022-11-07 19:22:33Z
1637919672
Bagikan Berita Ini
0 Response to "Medibank hackers threaten to release data within 24 hours - 9News"
Post a Comment