Medibank cyber attack: Hackers make ransom demand over customer data

[ad_1]

Hackers who seized thousands of Aussies’ private data during huge Medibank hack demand a RANSOM – as ministers warn the cyber attack is ‘significant’

  • Australian private health insurer Medibank has been the victim of a cyberattack
  • The company has the personal information of more than 3.9millilon customers
  • CEO David Koczkar said insurer was trying to understand extent of the breach 
  • A group claiming to be behind the attack contacted Medibank on Wednesday  

Hackers who claim to be behind a cyber attack on one of Australia’s largest health insurers, Medibank Private, have threatened to release customers’ personal information.

Medibank said in a statement on Wednesday that a group had contacted them wanting to enter ransom negotiations over the allegedly stolen data.

‘This is a new development and Medibank understands this news will cause concerns for customers and the protection of their data remains our priority,’ the company said.

‘We are working urgently to establish if the claim is true, although based on our ongoing forensic investigation we are treating the matter seriously.’

See also  Pub barons Arthur Laundy, Justin Hemmes and Solomon family in hospitality war

Messages in broken English allegedly from the hacking group claim 200 gigabytes of sensitive information, including health records, was stolen from Medibank, the Sydney Morning Herald reported.

The group said as a ‘warning shot’ it would contact the insurer’s 1,000 most prominent customers including ‘politicians, actors and activists’ using their own personal information.

Medibank cyber attack: Hackers make ransom demand over customer data

Private health insurer Medibank revealed last week it was the victim of a cyberattack and now the hacking group has made demands 

A statement from Cybersecurity and Home Affairs Minister Clare O’Neil’s office on Wednesday night said the nature of the breach was still being investigated.

‘A significant cybersecurity incident has occurred within Medibank. The facts are continuing to be established,’ she said.

Ms O’Neill said she has had discussions with the Medibank CEO, the Australian Signals Directorate, and the Federal Police. 

Medibank has more than 3.9million customers.

The new development has caused shares to be placed in a trading halt for the rest of the week. 

Medibank disclosed last week that it was the victim of a massive cyber attack and shut down some IT systems as it worked to understand the extent of the breach. 

In a separate letter to the Australian Stock Exchange last Thursday, Medibank said it detected unusual activity on its network the previous day.

‘At this stage there is no evidence that any sensitive data, including customer data, has been accessed,’ the company said at that time.

CEO David Koczkar apologised for the ‘distressing’ incident and acknowledged ‘this news may make people concerned’. 

It follows the country’s biggest ever cyber breach when the personal details of up to 10 million Optus customers were exposed to hackers recently.

See also  Lawyer: There are two types of worker - but only one will ever get the promotion 

Telstra also revealed a data breach this month in which 30,000 current and former staff had their names and emails posted online. 

Hackers claiming to be behind the theft of 200GB of sensitive customer data from Medibank are wanting to negotiate (stock image)

Hackers claiming to be behind the theft of 200GB of sensitive customer data from Medibank are wanting to negotiate (stock image) 

Medibank said last week it has taken immediate steps to ‘contain the incident’ and had brought in expert cybersecurity firms to work on the breach.

The steps included taking some of its customer facing computer systems offline 

Mr Koczkar said taking systems offline was to ‘reduce the likelihood of damage to systems or data loss’ but that access to health providers and cover was not affected.

He said the business was still working to understand the exact nature of the breach. 

‘We recognise the significant responsibility we have to the people who rely on us to look after their health and wellbeing and whose data we hold,’ Mr Koczkar said.

‘We are working around the clock to understand the full nature of the incident, and any additional impact this incident may have on our customers, our people and our broader ecosystem.’

Advertisement

[ad_2]

Source link