A ransomware gang has threatened to publish the personal information of millions of Medibank customers after the private health insurance giant announced it will not pay a ransom demand.
The gang threatening to leak the stolen data is believed to be a rebrand of the defunct, Russian-speaking REvil group, according to a TechCrunch report.
TechCrunch reported seeing a new dark web leak site listing Medibank as one of the gang’s victims. The gang did not, however, reveal how much data it exfiltrated from Medibank’s network, and did not share evidence of its claims.
Medibank first announced the cyberattack on October 12. The health insurer has since revealed that criminals have accessed the name, date of birth, address, phone number and email address of around 9.7 million current and former customers and some of their authorised representatives.
Following media reports that criminals have now threatened to publish the stolen data, a threat that came after the insurer's November 7 announcement that it will not pay a ransom, Medibank has issued a warning to customers, stating “criminals could also attempt to contact [them] directly”.
The insurer said it is working with the Australian Government, including the Australian Cyber Security Centre and the Australian Federal Police, to investigate the cybercrime and try to prevent the sharing and sale of Medibank customers’ data.
Medibank issued the following advice for customers:
The insurer also shared a list of cybersecurity tips for customers:
The insurer said it will never contact customers asking for passwords or sensitive information. It also “unreservedly apologise[d]” to its customers.