Suspected Medibank hackers begin to leak customer data sample

The suspected Medibank hackers have released a sample of the data stolen from the cyber attack on the private health insurance giant.

Reporter
Wed, 09 Nov 2022

After Medibank stated it has not paid and will never pay a ransom, the alleged hackers posted some details, including phone numbers and Medicare numbers, to a dark web forum, a day after threatening that the data would be released in 24 hours.

The alleged hackers updated their post on the dark web forum with a Confucius quote and a meme featuring Super Mario characters advising that Medibank stockholders should sell.

“A man who has committed a mistake and doesn’t correct it is committing another mistake. – Confucius,” the hackers stated.


“Data will be publish in 24 hours.”

“Looking back, that data is stored in not very understandable format (tables dumps) we’ll take some time to sort it out and we posting a small part of the data, in ‘human readable format (sample in json file )’ also we post all raw data,” the hackers added.

“We’ll continue posting data partially, need some time to do it pretty.”

According to 9News, the post to a dark-web link includes some files that show Australians and their healthcare interactions, along with full names, phone numbers, addresses, Medicare numbers, dates of birth, genders as well as the names of healthcare providers and the codes used by Medibank to list diagnosis and treatment.

It also appears that WhatsApp messages between the hackers and Medibank representatives, including the company’s chief executive David Koczkar, have been published, 9News reported, effectively releasing Koczkar’s private phone number.

The dark web forum was used in 2021 by a ransomware group linked to Russia that posted data from hacks; it had been abandoned after many in the hacking group were arrested by Russian authorities, but in recent months, it has been back online.

Over 9.7 million Australians had their basic personal information accessed by the hackers, Medibank has confirmed, including 5.1 million Medibank customers, 2.8 million ahm clients, and 1.8 million international customers.

In a statement released to the ASX this week, Medibank CEO David Koczkar apologised to the company’s 3.8 million members and asserted that the business was acting on expert recommendations, which advised the private health insurer that the cyber criminals should not be paid any ransom.

“Based on the extensive advice we have received from cyber crime experts, we believe there is only a limited chance paying a ransom would ensure the return of our customers’ data and prevent it from being published.

“In fact, paying could have the opposite effect and encourage the criminal to directly extort our customers, and there is a strong chance that paying puts more people in harm’s way by making Australia a bigger target.

“It is for these reasons we have decided we will not pay a ransom for this event,” Koczkar said.

Medibank has warned customers to “remain vigilant” as investigations by the Australian Federal Police and Australian Cyber Security Centre remain ongoing.

“We knew the publication of data online by the criminal could be a possibility, but the criminal’s threat is still a distressing development for our customers,” Koczkar added.

“We unreservedly apologise to our customers.

“We take seriously our responsibility to safeguard our customers and support them.

“The weaponisation of their private information is malicious, and it is an attack on the most vulnerable members of our community.”

It is understood the Australian government has also backed the insurer’s decision.

This week, Centennial Lawyers and Bannister Law also announced they will proceed with a class action against Medibank, with both law firms asserting the private health insurer failed to protect customers’ data.
