Medibank data now fully released on the dark web

12/04/2022Australia, Cybercrime, Darknet News

The Australian insurance company Medibank has confirmed that the hackers who broke into its database have uploaded six more zipped files containing customer information on the dark web, claiming that these files comprise all the information they took.

A new tranche of data was leaked onto the dark web by hackers who broke into Medibank’s servers, along with claims that the files contained all the information they stole from a theft that affected 9.7 million users. Six zipped files of data have been exposed, according to the Australian insurance organization, and officials from the government have once again emphasized the urgent need to update the nation’s cyber policy. This comes just weeks after the initial release of data and the subsequent publication of 1500 more patient records.

On Thursday, Medibank stated that it was analyzing the material that had been posted overnight on the dark web, but noted that it looked that the files contained client information that had been compromised in the incident. The security breach, which was first reported last October, had an impact on 9.7 million current and past clients as well as some of their authorized representatives. 1.8 million overseas consumers were among those affected.

Prior to the most recent data leak, the thieves’ hackers published the files in batches along with ransom requests. According to Medibank, no ransom payments would be made.

Medibank Statement

The insurance firm stated in a statement on Thursday that there was no evidence that any financial or banking information had been compromised and that the stolen data was insufficient on its own to enable identity or financial theft. It also stated that the raw data has been found to be imprecise and challenging to comprehend thus far.

According to Medibank, this continued to be the case for the most recent six zipped files, which were released in a folder labeled “full,” and that the health information released was not matched up with client and contact information.

Attorney-General of Australia Mark Dreyfus stated that “agencies” were looking into the most recent data dump and that the government was aware of it.

When asked how the country’s Privacy Act could be further updated in light of the recent rise in penalties for data breaches, Dreyfus indicated that a review of the law was also planned to be finished by year’s end. He said the following in an interview with ABC Radio Melbourne: “This piece of legislation is incredibly out-of-date. It has to be completely reformed.”

Next year, Dreyfus said, he will be working on a “full overhaul” of the Privacy Act. He highlighted that until then, the sizeable rise in monetary fines should act as a motivator for regional businesses that keep the personal information of Australian citizens to ensure that they take better care of the data and implement stronger security measures.

The government passed a law last month raising the maximum fines for serious or recurrent data breaches from AU$2.22 million to AU$50 million ($32.34 million), or three times the value of any benefits obtained through the misuse of the data, or 30% of the company’s adjusted turnover in the relevant period, whichever is greater.