After the Australian medical insurer Medibank refused to pay any ransom to the threat actors, the attackers, believed to be linked to the Russian-backed REvil ransomware, published the remaining stolen data on the dark web.
According to reports, the hacker collective has concluded the Medibank data breach with this release. The stolen data includes details of 9.7 million customers, including their names, email addresses, and other personal information.
The Russian hackers have dumped their largest trove of personal information on the dark web and described it as their final action, declaring ‘case closed’. With this development, the health insurer could face a multi-million-dollar fine from the authorities for failing to protect customers’ data, which exposed the details of millions of customers to cyber criminals.
According to sources, the threat group posted a blog on its dark web website on Thursday morning, stating, “Happy Cyber Security Day!!! And added a folder named full. Case closed.”
🚨Medibank Update🚨
The cybercriminals behind the #medibank hack have provided a final update
'Added folder full, Case closed'
What does this mean? Some quick 3am insights below 🧵#cybersecurity #infosec #auspol #Australia #CyberSec pic.twitter.com/8Tk4TzosH0
— CyberKnow (@Cyberknow20) November 30, 2022
Medibank investigation
The authorities have begun investigating the case to determine whether the Australian health insurer took the necessary steps to protect its customers’ data. According to 9news, stakes of “$2.2 million per violation are on the table.” According to the threat actor's post, the folders contain 6.4 gigabytes of personal information on users and clients associated with Medibank.
In response to the event, Medibank ensures it remains neutral. It is now offering health and well-being support lines and specialized “mental health support” teams to comfort customers who might receive emails, threats, and phishing attempts.
We’re aware stolen Medibank customer data has been released on the dark web overnight. We’re in the process of analysing the data, but it appears to be the data we believed the criminal stole. https://t.co/fS0PCJppNx
— Medibank (@medibank) December 1, 2022
“We remain vigilant and do everything we can to ensure our customers are supported. It’s crucial everyone stays vigilant to any suspicious activity online or over the phone,” says Medibank CEO David Koczkar in a blog post shared today.
“We will continue to support all people who this crime has impacted through our Cyber Response Support Program. This includes mental health and wellbeing support, identity protection, and financial hardship measures,” he added.
We apologise unreservedly to our customers. We remain committed to fully and transparently communicating with customers and will continue to contact customers whose data has been released on the dark web
— Medibank (@medibank) December 1, 2022
Sources claim that the threat actors behind the Medibank attack have already moved on and shifted their focus to newer victims, recently compromising Sunknowledge Services, a New York-based medical group, and the Kenosha Unified School District.