Medibank hackers exposed private medical information on the dark web for a third day on Friday, Nov. 11. But this time they are concentrating on alcohol-related illnesses, as they force Australia's biggest health insurance company to pay a ransom for the plundered client data of over 10 million people, according to a report by AP.
Most Invasive Cybercrime
After Medibank decided against paying a ransom for the return of the stolen data, the thieves started leaking hundreds of customer records on Wednesday, including those relating to HIV and drug addiction treatments, which they referred to as a "naughty" list.
The cyberhackers also dumped sensitive data of patients with harmful levels of alcohol consumption on Thursday. They even went as far as posting records of Aussie women who had non-viable pregnancies or abortions on Friday.
More than 700 customers' medical treatment records had been made public on the same day in what has been called Australia's most invasive cybercrime so far.
Numerous other customers' private information, such as phone numbers and email addresses, that could make them vulnerable to fraud or identity theft, has also been made public, according to AP.
David Koczkar, CEO of Medibank, confirmed the third leak and stated that his organization was contacting impacted customers and providing assistance. He noted that the illegal dumping would continue in the coming days.
Australian officials are hoping that the information stays on the dark web and is not disseminated to a larger audience via social media or extensively covered by news outlets.
Prime Minister Anthony Albanese cautioned against anyone obtaining the data. He is also one of the 9.7 million Medibank customers whose personal information has been illegally taken.
Albanese added that Australian Federal Police will identify the perpetrator of the crime later on Friday.
How the Breach Started
Koczkar, who apologized on behalf of the company and committed to being accountable for protecting client data on Friday, said that the leaking was "disgraceful."
The media has been asked not to download any illegally obtained material by Medibank due to the delicate nature of the stolen client information.
Someone with high-level access to the health insurance company had their credentials stolen, which led to the wider Medibank breach. According to news.com.au, it appears that the login information was sold to a Russian cybercrime site.
In its investor call on October 17, Medibank provided a more thorough account of the hacking and mentioned the stolen user credentials.
The company took the preventive action of making the systems offline in order to protect client data during the onslaught of the breach. It was discovered throughout the investigation that cybersecurity systems had detected activity that was consistent with ransomware.
Related Article : Australia's Medibank Private Hack Exposes 9.7 Million People's Data
This article is owned by Tech Times
Written by Jace Dela Cruz