SYDNEY: Hackers today began leaking sensitive medical records stolen from a major Australian health insurer that had earlier refused to pay the group’s ransom demand.
Medibank told investors and customers that a “sample” of data from some 9.7 million clients had been posted on a “dark web forum”.
Names, birth dates, addresses, passport numbers and information on medical claims were among the sensitive personal data posted anonymously early today.
Medibank said more leaks were likely.
“The files appear to be a sample of the data that we earlier determined was accessed by the criminal,” the company said in a statement to the Australian Securities Exchange.
“We expect the criminal to continue to release files on the dark web.”
Medibank previously refused to pay ransom to stop the hackers from leaking the data, saying it could fuel further crime and would not guarantee the information was safe.
“Based on the extensive advice we have received from cybercrime experts, we believe there is only a limited chance paying a ransom would ensure the return of our customers’ data and prevent it from being published,” Medibank boss David Koczkar said.
The leaked data was posted on a dark web forum that cannot be found using conventional web browsers.
“We’ll continue posting data partially,” the purported hackers said on the forum.
“Looking back that data is not very understandable format, we’ll take some time to sort it out.”
AFP Assistant Commissioner Cyber Command Justine Gough said the “criminal or criminal groups” responsible for the hack could be operating outside of Australia.
Australia’s assistant treasurer Stephen Jones said they were “scumbags” and “crooks”.
“We shouldn’t be giving in to these fraudsters,” he told Sky News Australia.
“The moment we fold it sends a green light to scumbags like them throughout the world that Australia is a soft target.”
The security breach has already wiped hundreds of millions of US dollars off Medibank’s market value, with the company’s share price down over 20 percent since October.
