Medibank has slammed the hackers behind the health insurer’s data breach, warning they could continue to release personal information each day amid the “notoriety”.
A third wave of sensitive data, including information about people’s mental health status and drug and alcohol use, was posted on the dark web overnight.
The group allegedly behind the hack posted the data of more than 240 people in a file titled “boozy”.
The data in the file is understood to include information about mental health and alcohol issues and follows the release of a file labelled “abortions” on Thursday.
“You telling that is disgusting (woof-woof), that we published some data. But we warned you, we always keep our word,” the hackers wrote.
“If we wouldn‘t receive a ransom – we should post this data, because nobody will believe us in the future. Same about our words, regarding we wouldn’t post any data in the future, if we receive a ransom payments.”
The group, posting on a dark web blog linked to the REvil Russian ransomware group, had claimed they sought $US10m ($A15.1m) from Medibank to prevent the data leak.
Medibank chief executive David Koczkar warned he expected the group to “continue to release stolen customer data each day”.
“The relentless nature of this tactic being used by the criminal is designed to cause distress and harm,” he said in a statement on Friday morning.
“These are real people behind this data and the misuse of their data is deplorable and may discourage them from seeking medical care.
“It’s obvious the criminal is enjoying the notoriety. Our single focus is the health and wellbeing and care of our customers.”
Medibank is in the process of contacting customers to provide support for mental health, identity protection, and financial hardship measures.
Cyber Security Minister Clare O’Neil on Friday said she had a number of “direct conversations” with Medibank about its failure to protect confidential information.
The “best” from the Australian Federal Police and Australian Signals Directorate were coming for the person or group who released the data, she said.
“These people are the lowest of the low, and we need to stand up against them and really get into this fight against these cyber thugs and cyber criminals,” she said.
“They are horrendous, horrible people who are terrorising innocent victims and this cannot be allowed to happen in our country.”
Anthony Albanese said the state and territory governments were working closely with Medibank to “limit the impact” of the breach.
“I would … urge all Australians, do not access this data … because we need to provide a disincentive for this sort of criminal, disgusting behaviour,” the Prime Minister told ABC Radio.
“We will get to the bottom of where this has come from. We will hold whoever is responsible for this to account.”
Story Credit: news.com.au