A ransomware gang has begun to publish data on the dark web stolen from Australia’s largest health insurer Medibank.
The leaking of Mediabank’s client data comes shortly after the company announced it would not pay a ransom to the extortionists.
Curiously, the hackers have released details of insured customers, sorted into two files bearing the label “naughty-list” and “good-list.”
The “naughty list” is thought to be a reference to a claim made earlier by the attackers that they would release information on high profile customers of Medibank in the public eye, or those who had received diagnoses involving substance abuse and other potentially embarrassing medical issues.
Alongside the data, the hackers shared screenshots of what they claimed was the (ultimately) unsuccessful ransom negotiation with Medibank, and a suggestion that those holding shares in the health insurer should sell their shares.
For now the leaked data amounts to just a few hundred megabytes, and the hackers claimed that they would continue to post data partially as they needed “some time to do it pretty.”
According to an updated statement from Medibank, the leaked data includes personal information such as names, addresses, dates of birth, phone numbers, email addresses, Medicare numbers for ahm customers, and in some cases passport numbers for international students, and some health claims data.
What the company hasn’t said is that the leaked data also appears to contain information pertaining to its staff, including email and mobile phone details which – although not as potentially dangerous as exposed medical information – could be exploited by fraudsters.
Inevitably there will be scammers who take advantage of the information leaking out from Medibank’s hackers to target innocent individuals. This could take the form of phishing attacks, scams, or even malware attacks distributed via spam email.
The high level of distress that Medibank’s customers are likely to be experiencing right now can be taken advantage of by fraudsters who could disguise their communications as being from Medibank, and trick users into clicking on dangerous links or handing over sensitive information.
Medibank is calling upon its customers to be alert to the risk, remember that it will never contact them about passwords or sensitive information, and asked clients to report any suspicious emails or SMS messages to them at scaminvestigations@medibank.com.au.
Cybercrime incidents can also be reported to the Australian Cyber Security Centre via ReportCyber.
