The hackers have released a massive file overnight that it says contains the information of Medibank customers.

The hackers have released a massive file overnight that it says contains the information of Medibank customers.Credit:Steven Siewart

A file called “Full” that contained six zipped files of raw data was added to one of the mirror sites. At a size of six gigabytes,it is much larger than any of the previous releases. There are fears the data dumped overnight is all the Medibank information stolen by the hackers.

Loading

But there are also signs the criminals are moving on. The hackers have already homed in on fresh victims,with the blog site posting data allegedly stolen from a US medical group,Sunknowledge Services,and a US school this week.

Medibank said it is still analysing the data released on Thursday morning but said it appears to be customer information stolen by the hackers.

Advertisement

“The raw data we have analysed today so far is incomplete and hard to understand.”

As an example,Medibank said health claims data released this morning has not been joined with customer names and contact details.

“Unfortunately,we expected the criminal to continue to release files on the dark web,” the insurer added.

Medibank reiterated that there are no signs that financial or banking data has been taken. It also says that the personal data accessed,by itself,is not sufficient to enable identity and financial fraud.

“We are remaining vigilant and are doing everything we can to ensure our customers are supported. It’s important everyone stays vigilant to any suspicious activity online or over the phone,” Medibank chief executive David Koczkar said.

The full financial cost for Medibank could still be prohibitive,as recent actions by the OAIC have shown.

Last year,following action by the watchdog,the Australian government was ordered to pay compensation to almost 1300 people seeking asylum after accidentally leaking their highly sensitive personal information in 2014.

“This matter is the first representative action where we have found compensation for non-economic loss payable to individuals affected by a data breach,” privacy commissioner Angelene Falk said at the time.

Compensation was determined on a case-by-case basis,but the compensation bands started at $500 for the most basic “general anxiousness,trepidation,concern or embarrassment,resulting from the data breach.”

At the highest band - extreme loss or damage resulting from the data breach - compensation is in a range of $20,000 to $50,000. Around 480,000 Medibank customers,that have had their private health data stolen,could qualify for compensation in this highest band.

“I don’t recall any breach of a health insurance provider where there was talk of access to the treatment plans of patients on such a scale,” Greg Austin,a cybersecurity expert with geopolitical think tank,the International Institute for Strategic Studies (IISS),said.

Meanwhile,the Russian Ministry for Foreign Affairs has condemned accusations by the Australian government that link it to the hackers involved in the Medibank attack.

“Australia has picked up the baton in the anti-Russia media campaign. This is the only explanation for its unsubstantiated and politicised allegations of Russian cyberattacks on medibank,” the ministry’s official Twitter account said this morning.

“We strongly condemn such practices.”

Last month,Australian Federal Police (AFP) Commissioner Reece Kershawnamed Russia as the home of the hacking group that is demanding a ransom payment from Medibank after it stole the personal details of millions of customers. This publication has been told that authorities believed the REvil group was involved,pointing to one of Russia’s most active ransomware gangs.

Government Service Minister Bill Shorten told ABC’sRN Breakfast that the latest development was “shocking”.

“The people who’ve hacked Medibank are absolute criminal lowlifes,” he said.

“If people think that any government ID has been in any way breached,or they’re aware of it,contact us.”

“From our end,we’re just going to have to muscle up and put whatever resources we need in to protect people’s information.”

It is the first release of data in more than a week,with the dark web blog site offline for most of last week.

The hackershave drip-fed sensitive health information about Medibank customers on the dark web in an attempt to pressure the company into paying a ransom,which the insurer has refused to pay.

The hackers accessed the health claims data for about 160,000 Medibank customers,300,000 ahm customers and 20,000 international customers.

Loading

Medibank later confirmed that the customers of its budget ahm brand have been the only policyholders whose private health data has been released by the hackers,who stole information on the group’s entire customer base in October.

It also said that a substantial amount of the information the hackers released has been wrong,suggesting the cyber criminals have had a tough time properly extracting information from the stolen data.

Medibank confirmed that its analysis has shown about 25 per cent of records released on the dark web did not match its customers’ policy details.

Law firm,Maurice Blackburn,has also lodged a representative complaint with the OAIC alleging Medibank failed in its duties by failing to take steps to protect its customers’ personal information.

“We cannot undo the damage that has been caused in this data breach,but we can ask the Commissioner to investigate the data breach and seek compensation from Medibank on behalf of those affected,including for financial or non-financial loss,such as humiliation,stress,and feelings of anxiety,” Maurice Blackburn principal Andrew Watson,said.

The Business Briefing newsletter delivers major stories,exclusive coverage and expert opinion.Sign up to get it every weekday morning.

Most Viewed in Business

Loading