The rest of the customer data stolen in the Medibank ransomware attack appears to have been posted online.
REvil, the group behind the attack on Australia’s health insurer, posted an update on their blog earlier this week stating: “Happy Cyber Security Day!!! Full folder added. Case closed,” TechCrunch reported.
The blog has been unavailable since the entry was published, which makes it impossible to independently confirm the authenticity of the posted files. However, Medibank said there were six raw data files packed into the archive in the folder. In total, six gigabytes of data were published, making this Medibank’s largest single leak to date.
No financial data downloaded
Medibank said it was analyzing the published data, but added that “it appears to be data that we believe has been stolen by a criminal.”
“While our investigation continues, there is currently no indication that financial or banking details have been taken. And stolen personal information alone is not enough to enable identity fraud and financial fraud. The raw data we have analyzed so far is incomplete and difficult to understand,” Medibank wrote in an update.
The company concluded that it expects REvil to continue posting files on the dark web, despite the group’s claims that everything has already been leaked.
Medibank fell victim to a ransomware attack in late October 2022 by REvil, a group allegedly linked to the Russian government.
An initial investigation found that information on 9.7 million customers, along with health claim data for half a million others, had been downloaded from the company’s endpoints.
The company’s CEO, David Koczkar, later explained via LinkedIn the type of data that had been collected: “The offender did not have access to credit card and banking details or health claim data for ancillary services,” he said.
As it later turned out, REvil got its hands on clients’ names, dates of birth, passport numbers, medical claims information, and sensitive records on abortion and alcoholism. The group also demanded a $9.7 million ransom, a dollar for each customer.
By: TechCrunch