The rest of the customer data stolen in the Medibank ransomware attack appears to have been posted online.
REvil, behind the attack on the Australian health insurer, posted an update on its blog earlier this week, saying “Happy Cyber Security Day!!! Added folder is full. Case closed”, TechCrunch reports .
The blog has been inaccessible since the post was published, so the authenticity of the published documents could not be independently confirmed. However, Medibank said the folder contained six raw data files, compressed into one archive. A total of 6GB of data was released, making it the largest Medibank leak to date.
No financial data collected
It said it was analyzing the data released, but added it “appears to be data we believe was stolen by criminals”.
“While our investigation is continuing, there is currently no indication that financial or banking data has been stolen. Stolen personal data alone is not sufficient to allow identity and financial fraud. So far, the raw data we have analyzed today is incomplete and Incomprehensible,” Medibank posted in an update.
The company concluded that it expects REvil to continue posting documents on the dark web, despite the group’s claims that everything has been leaked.
Medibank fell victim to a ransomware attack in late October 2022 by REvil, a group allegedly linked to the Russian government.
After initial investigation, it is said that 9.7 million customers’ information was obtained from the company’s endpoint (opens in a new tab)and health claim data related to 500,000 other people.
David Koczkar, the company’s chief executive, later clarified via LinkedIn the type of data taken: “Criminals did not have access to credit card and bank details or health claims data for extra services,” he said.
It later turned out that REvil had clients’ names, dates of birth, passport numbers, medical claims information and sensitive documents related to abortion and alcohol-related illnesses. It also demands a ransom of $9.7 million, or $1 per customer.
pass: technology crisis (opens in a new tab)