Hacker Publishes Stolen Medibank Data on the Dark Web

11/10/2022 | Australia, Cybercrime, Darknet News

The alleged Medibank hacker has made public a sample of the user data stolen in the cyberattack on the healthcare behemoth.

A day after stating that the information would be made public in 24 hours, they disclosed some information, including phone numbers and Medicare numbers, on a dark web forum at 2:00 am (AEDT) today. A Confucius quotation and a Super Mario character meme were changed in the alleged hacker’s prior dark web posting.

The hacker stated, “Looking back, that data is kept in not very comprehensible manner (tables dumps). We’ll take some time to sort it out and we posting a small part of the data, in ‘human readable style’ (sample in json file), as well as all raw data.

We’ll continue publishing data in pieces since we need some time to make it attractive.”

The post also includes a dark-web link to several files, seen by 9News, that seem to contain accurate information about Australians and their healthcare encounters.

The files contain full names, phone numbers, addresses, Medicare numbers, dates of birth, and genders, as well as the names of healthcare professionals and the codes used by Medibank to record diagnoses and treatments.

Unknown amount of data stolen

It is currently unknown how much data the hackers are willing to divulge or whether they have any ransom demands for Medibank.

Additionally, it appears that WhatsApp conversations between the hackers and Medibank employees, including the CEO David Koczkar, have been made public, thereby disclosing Koczkar’s personal phone number.

The cyber thief has openly indicated that Medibank will not pay the demanded ransom. According to Medibank CEO David Koczkar, “We think there is just a small chance paying a ransom will assure the return of our clients’ data and prevent it from being broadcast.”

Medibank encouraged customers to exercise caution and apologized sincerely. The health insurer announced that the hackers had obtained the basic personal information of 9.7 million Australians, including 5.1 million Medibank members, 2.8 million AHM clients, and 1.8 million international customers.

The share price of Medibank hit its lowest point in two years yesterday. A class action lawsuit against the insurer has also been announced by two law firms, who claim the insurer failed to protect the data of its clients.

It had previously been established that the data breach had involved names, dates of birth, addresses, phone numbers, and email addresses. The dark web forum in question was used in 2021 by a ransomware organization associated with Russia and was abandoned when many members of the group were detained by Russian authorities, but it has recently returned online, posting information from hacks.