A ransomware gang has begun publishing data stolen from Medibank, Australia’s largest health insurance company, on the dark web.
Mediabank’s customer data breach came shortly after the company announced it would not pay a ransom to extortionists.
Curiously, the hackers exposed the details of customers who had insurance and sorted them into two files labeled “Naughty List” and “Good List”.
The “hoax list” is believed to be a reference to previous claims by the attackers to publish information about famous Medibank customers or customers with diagnoses involving substance abuse and other thorny medical problems. It is .
In addition to the data, the hackers also provided screenshots of what they claimed ransom negotiations with Medibank (ultimately) failed, and that people holding shares in the health insurance company should sell their shares. Suggestions shared.
So far, the leaked data was only a few hundred megabytes, and the hackers claimed they would continue to post the data in parts because it “takes a long time to clean up.”
according to Updated statement from Medibankthe leaked data included personal information such as names, addresses, dates of birth, phone numbers, email addresses, Medicare numbers for ahm customers, passport numbers for international students in some cases, and some health insurance claims data. It contains.
What the company didn’t disclose is that the leaked data also appears to include information about staff members, such as email and cell phone details.
Inevitably, there will be scammers exploiting information leaked by Medibank hackers to target innocent individuals. This can take the form of phishing attacks, scams, and even malware attacks distributed via spam emails.
The high level of distress that Medibank’s customers are likely to be experiencing today is fraudsters disguising communications as coming from Medibank and tricking users into clicking on dangerous links or handing over sensitive information. may be used for
Medibank is urging customers to be aware of the risks. Remember, we never contact customers about their passwords or confidential information. email@example.com.
Cybercrime incidents can also be reported to the Australian Cyber Security Centre: report cyber.