Medibank has confirmed that the data released overnight by a group of hackers is real, which means that hundreds of the company’s customers have had their names, addresses, phone numbers, passport numbers, health claims data and other personally identifiable information displayed online for anyone to view.

The data, released after Medibank refused to pay a ransom, also appears to include information on Medibank staff and international students, screenshots of negotiations with the hacker group, and even the cell phone number of company CEO David Koczkar.

On Wednesday morning, Medibank responded after the hacker group posted a data dump when the midnight deadline for the ransom payment was not met.


“The files appear to be a sample of the data we previously determined the criminal had access to,” the Medibank statement said.

The group posted “a small piece of the data” on its dark web blog and promised more to come in the future.

“We will continue to publish the data in part, it will take some time to get it right,” it said.

The group said it will publish data beyond just customer data, such as information from Confluence, a software product used by companies to share data internally, and the source code of Medibank software.

Have I Been Pwned creator and cybersecurity expert Troy Hunt said the leaked data was “extraordinarily sensitive”.

“This is as bad as we feared it would become,” he tweeted.

The group released two lists labeled “good list” and “bad list” with data on 198 customers. In addition to personally identifiable information, the data also includes the names of healthcare professionals along with codes for diagnoses and procedures.

Woh was unable to independently confirm the legitimacy of Medibank customer contact details after calling dozens of phone numbers. Many of the phone numbers are no longer operational or do not belong to the people they are listed for. (This does not disprove the legitimacy of the data. There are many reasons why this reporter was unable to confirm them, ranging from the company holding old data to luck.)

Other information includes spreadsheets with what appears to be basic information on tens of thousands of international students and the phone numbers and device IDs of hundreds of Medibank staff phones.

The published data also includes what appears to be email screenshots and text message negotiations between the hacker group and Medibank staff. These began in October with the original ransom note and ended on November 7 when a Medibank staff member told the group that they would not pay the ransom.

The group also included a screenshot of a WhatsApp contact listed as belonging to company CEO David Koczkar and messages sent to him.

“HELLO! As your team is quite shy, we have decided to take the first step in our negotiation,” they wrote on October 18th.

The authenticity of the screenshots of the negotiation, Medibank staff and international student information has not been specifically confirmed by the company.

Home Affairs and Cyber Security Minister Clare O’Neil shared on Twitter a list of steps to take for those affected by the hack.

“If you are a Medibank or AHM customer, it is important to be extremely vigilant,” she said.
