cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Hackers release thousands more Medibank customer records

Another 1.5 thousand Medibank records have been released on the dark web in what seems to be the Russian hacker’s response to the private health insurer’s stance on not paying a $15.6 million ransom.

user iconDaniel Croft
Mon, 21 Nov 2022
Hackers release thousands more Medibank customer records
expand image

On Sunday, four files labelled “HIV”, “psycho”, “STD” and “viral hep” were released, together containing 1,496 records.

Strangely, 123 of the newly released records had been previously released in earlier files, and the records don’t seem to match of the name of the files they come in.

There isn’t even a health code for STDs so instead, that file contains records about anemia patients.


Other records include chronic conditions such as asthma, diabetes, heart disease, cancer and more.

What’s more, Medibank is currently analysing the files released and has found that what has been released contradicts existing records.

“Our analysis has shown 375 of the 1,496 records do not match against that policy for that procedure,” said a Medibank spokeswoman.

“We are conducting further analysis on the files today to determine their accuracy. Previous files released have not matched our records.”

Furthermore, the spokeswoman said that the names listed on the records released may not be accurate either.

“The person who received the treatment could be their partner on the policy or a dependent — and the policyholder may not be aware that their partner or dependent received treatment.”

The hack has been condemned by both Medibank and the government.

“These people are complete grubs — pure and simple,” said Treasurer Jim Chalmers.

“It is despicable that people are prepared to release the sorts of information that we’ve seen released in recent days.

“It is well beyond the pale to see this kind of private, sensitive information released into the public domain.”

Medibank CEO David Koczkar has also urged people to remember that there are real people at the helm of this hack and that those who download the released data are also committing a criminal offence.

“Again, I unreservedly apologise to our customers,” he said.

“Anyone who downloads this data from the dark web, which is more complicated than searching for information in a public internet forum and attempts to profit from it is committing a crime.”

“We remain committed to fully and transparently communicating with customers and we will continue to contact customers whose data has been released on the dark web.”

While the company’s refusal to pay hackers the multimillion-dollar ransom has been celebrated by the government, Medibank and other institutions are set to pay much more for serious breaches.

On top of the massive compensation costs Medibank will have to pay, the Albanese government is looking to crack down on the Australian cyber climate and is looking to raise the penalty for a serious breach from just over $2 million to either $50 million, three times the cost of the damage caused by the breach or 30 per cent of the company’s adjusted turnover for the period.

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.