Medibank Hackers Claim to Have Stolen ‘Interesting’ Data on Politicians, Actors, Influencers

Following a widely-publicized ransomware incident, Medibank Group this week received communications from its aggressors claiming they wish to negotiate the price for keeping the stolen data out of the public’s view.

Medibank is one of the largest Australian private health insurance providers, covering health, travel, cars, homes, and even pets for almost 4 million customers. It is also the latest victim in a recent spree of cyber-attacks down under.

The group first learned it got breached by hackers last week. In the days that followed, the company was commendably transparent about the incident and maintained in a series of updates that there was no evidence the perps had stolen customer data.

That was until yesterday when the hacking crew responsible for the attack reportedly contacted the company to negotiate a ransom in exchange for keeping the stolen data private.

Open for negotiation

The message (reproduced below), obtained by The Sydney Morning Herald, says the data includes some ‘interesting’ facts about prominent Medibank clients, including politicians, actors, and people struggling with drug addiction.

We offer to start negotiations in another case we will start realizing our ideas like 1. Selling your Database to third parties 2. But before this we will take 1k most media persons from your database (criteria is: most followers, politicians, actors, bloggers, LGBT activists, drug addictive people, etc) Also we’ve found people with very interesting diagnoses. And we’ll email them their information.

For its part, Medibank disclosed the following in its Oct. 19 update:

Today Medibank Group has received messages from a group that wishes to negotiate with the company regarding their alleged removal of customer data. This is a new development and Medibank understands this news will cause concerns for customers and the protection of their data remains our priority. Medibank is working urgently to establish if the claim is true, although based on our ongoing forensic investigation we are treating the matter seriously at this time.

Hackers have 200GB of sensitive customer data

In an update issued just hours ago, the insurer now says hackers have 200GB of customer data, including first names and surnames, addresses, dates of birth, Medicare numbers, policy numbers, phone numbers, and some claims-related data which includes the location where a customer received medical services, and codes relating to their diagnosis and procedures.

“The criminal has provided a sample of records for 100 policies which we believe has come from our ahm and international student systems,” Medibank says.

The hackers also claim they’re sitting on data related to credit card security.

Medibank is now making direct contact with affected customers to inform them of this development, as well as to provide support and guidance on what to do next, according to the update.

It is unclear if the group is willing to negotiate with the attackers. It may consider doing so, if solely to protect those affected.

Number of affected customers expected to rise

The statement also reveals, rather worryingly, that Medibank expects the number of affected customers “to grow as the incident continues.”

The group urges customers to remain vigilant and not give away their passwords to anyone.

In a bid to assist everyone in the shortest time possible, Medibank has deployed staff to support new cyber response hotlines in its call-centers.

Bitdefender Identity Theft Protection offers continuous monitoring of your identity, privacy and credit status and displays instant alerts when your personal information is at risk.