The rest of the customer data stolen in the Medibank ransomware attack appears to have been posted online.
REvil, the group behind the attack on the Australian health insurer, posted an update on their blog earlier this week, saying “Happy Cyber Security Day!!! Added volume is full. Case closed,” TechCrunch reported.
Since the publication of the post, the blog has not been available, making it impossible to independently confirm the authenticity of the files posted. However, Medibank said the volume hosted six raw data files, compressed into an archive. In total, six gigabytes of data were released, making this Medibank’s single largest leak to date.
No financial statements were taken
Medibank said it was analyzing the data that was made public, but added that “it appears to be the data we thought the criminal stole.”
“While our investigation continues, there are currently no indications that financial or banking data was taken. The personal data stolen, by itself, is not sufficient to enable identity and financial fraud. The raw data we have analyzed today so far is incomplete and difficult to understand,” Medibank posted in an update.
The company concluded that it expects REvil to continue releasing files on the dark web, despite the group’s claims that everything has already been leaked.
Medibank fell victim to a ransomware attack by REvil, a group with alleged links to the Russian government, in late October 2022.
After the initial investigation, information on 9.7 million customers was said to have been taken from the company's endpoints, as well as health claims data on half a million others.
The company’s CEO, David Koczkar, later clarified via LinkedIn what kind of data was captured: “The criminal was unable to access credit and bank card details or health claims data to obtain additional services,” he said.
It later emerged that REvil had obtained clients’ names, dates of birth, passport numbers, information on medical claims, and sensitive files related to abortions and alcohol-related illnesses. It also demanded $9.7 million in ransom, one dollar for each customer.
Via: TechCrunch