SYDNEY (Reuters) – More personal details of customers of Australia’s biggest health insurer Medibank Private Ltd, hit by a massive cyber attack, were released on Friday, with the company expecting this to happen daily after it declined to pay ransom to the hacker.
Hacker releases more records
Health records related to mental health and alcohol use of hundreds of customers have been released in the dark web in the latest data dump after the attacker uploaded two data sets, local media reported.
“Unfortunately, we expect the criminal to continue to release stolen customer data each day,” Medibank Chief Executive David Koczkar said in the latest update about the breach.
Data from around 9.7 million current and former customers was compromised, Medibank has said, as Australia grapples with a recent rise in cyber attacks. At least eight companies, including Singapore Telecommunications-owned telecoms company Optus, have reported breaches since September.
Customers seeking help from Medibank
Prime Minister Anthony Albanese said on Friday the government was taking all steps to limit the impact and has set up an integrated phone service for affected customers for seeking help from both the government and Medibank.
“We know it’s already incredibly distressing. The fact that information was published going to very personal health details of Australian citizens is disgusting, and something that is I think, just totally reprehensible,” Albanese told ABC Radio.
Medibank shares plunge
Medibank shares have plunged about 20% since the hack was revealed by the company on Oct. 13. Shares were up nearly 2% in late morning trade on Friday.
Hunt down begins
Australia on Saturday formalised a new cyber-policing model in a stepped-up effort to “hunt down” cyber-criminal syndicates, following recent hacks impacting millions of Australians.
Australia’s biggest health insurer, Medibank Private Ltd, last month was hit by a massive cyber attack, as Australia grapples with a rise in damaging hacks.
At least eight companies, including Singapore Telecommunications-owned telecoms company Optus, Australia’s second-largest telco, have reported breaches since September.
On Saturday, Minister for Home Affairs Clare O’Neil said the government had formalised a permanent partnership between the Australian Federal Police (AFP) and the Australian Signals Directorate – which intercepts electronic communications from foreign countries – to do “new tough policing” on cybercrime.
O’Neil said around 100 officers would be part of the new partnership between the two federal agencies, which would act as “a joint standing operation against cyber-criminal syndicates”.
The taskforce would “day in, day out, hunt down the scumbags who are responsible for these malicious crimes”, she said.
Russian-based hackers responsible
The announcement comes after AFP on Friday said Russia-based hackers were behind the attack on Medibank, which compromised data from around 10 million current and former customers.
Attorney General Mark Dreyfus, speaking alongside O’Neil in Melbourne, refused to be drawn on whether the ransomware group REvil was responsible for recent cyber attacks on Australians.
“I won’t be commenting on operational matters like that, but what we do know … is that it is a very organised criminal gang and that it is located in Russia,” Dreyfus said.
Prime Minister Anthony Albanese has previously said the government was doing all it could to limit the impact of the Medibank hack and had set up a phone service for affected customers to seek help from both the government and Medibank.
(Reporting by Renju Jose and Sam McKeith; Editing by Chris Reese and Leslie Adler)