Previously, we reported that Medibank, the health services provider to over 3.9 million people in Australia, was hit by a cyberattack. Fast forward a month and a half, and we have learned that the hackers have released some more of the files remaining in their possession on the dark web.
It's a serious setback for the company, which had claimed at the time of the incident that there was no evidence of customer data access or data loss and that it was taking all necessary steps to address any impact the incident may have had.
Brett Callow, threat analyst at Emsisoft, reported that the cybercriminals had released more records in files (Psycho, HIV, Viral, STD) with the .csv extension and had warned that they would continue doing so if something meaningful didn't happen (believed to be a veiled reference to the AU$15m ransom demand that Medibank refused).
The #Medibank hackers have published more data and stated "Case closed." Whether this means they've now released all the data that was stolen, and what they plan to do with any data that hasn't been released, is unclear. pic.twitter.com/xIUYWPrlll
— Brett Callow (@BrettCallow) November 30, 2022
Whether all the data that was stolen has been released or some of it remains with them is unclear.
Meanwhile, Emily Ritchie, Senior Executive External Affairs at Medibank, added:
While our investigation continues, there are currently no signs that financial or banking data has been taken. And the personal data stolen, in itself, is not sufficient to enable identity and financial fraud. The raw data we have analysed today so far is incomplete and hard to understand.
The Australian Federal Police also seem to have identified the hackers. They claim it is a group connected to the REvil ransomware gang, based in Russia. Meanwhile, David Koczkar, Medibank's chief executive, has apologized to the company's customers and assured them that Medibank would continue to contact customers whose data has been released on the dark web.