The remainder of the customer data stolen in the Medibank ransomware attack appear to have been published online.
REvil, the group behind the attack on the Australian health insurer, posted an update on its blog earlier this week, stating “Happy Cyber Security Day!!! Added folder full. Case closed”, TechCrunch reported.
Since publishing the post, the blog has been unavailable, making it impossible to independently confirm the authenticity of the files that were posted. However, Medibank said the folder hosted six raw data files, zipped to an archive. In total, six gigabytes of data were posted, making this the single biggest Medibank leak so far.
No financial data taken
It said it was analyzing the data that was posted, but added that it “appears to be the data we believed the criminal stole”.
“While our investigation continues there are currently no signs that financial or banking data has been taken. And the personal data stolen, in itself, is not sufficient to enable identity and financial fraud. The raw data we have analyzed today so far is incomplete and hard to understand,” Medibank posted in an update.
The company concluded that it expects REvil to continue releasing files on the dark web, despite the group’s claims that everything has already been leaked.
Medibank fell victim to the ransomware attack in late October 2022, at the hands of REvil, a group with alleged ties to the Russian government.
After the initial investigation, it was said that information on 9.7 million customers was taken from company endpoints (opens in new tab), as well as health claims data relating to half a million others.
The company’s CEO, David Koczkar, later clarified via LinkedIn the type of data that was taken: “The criminal did not access credit card and banking details or health claims data for extras services,” he said.
It would later turn out that REvil got its hands on customer’s names, birth dates, passport numbers, information on medical claims and sensitive files related to abortions and alcohol-related illnesses. It also demanded $9.7 million in ransom, a dollar for each customer.
Via: TechCrunch (opens in new tab)