The rest of the customer data stolen in the Medibank ransomware attack appears to have been posted online.
REvil, the group behind the attack on the Australian health insurance company, posted on its blog earlier this week: “Happy Cyber Security Day!!! Added volume full. Case closed,” reports TechCrunch.
Since the publication of the post, the blog has not been available, making it impossible to independently confirm the authenticity of the files posted. However, Medibank said the volume hosted six raw data files, compressed into an archive. In total, six gigabytes of data were released, making this Medibank’s single largest leak to date.
No financial statements were taken
The company said it was analyzing the data that was made public, but added that “it appears to be the data we thought the criminal stole.”
“While our investigation continues, there are currently no indications that financial or banking data was taken. The personal data stolen, by itself, is not sufficient to enable identity and financial fraud. The raw data we have analyzed today so far is incomplete and difficult to understand,” Medibank posted in an update.
The company concluded that it expects REvil to continue releasing files on the dark web, despite the group’s claims that everything has already been leaked.
Medibank fell victim to a ransomware attack in late October 2022 by REvil, a group with meaningful ties to the Russian government.
After the initial investigation, the information on 9.7 million customers was said to have been pulled from the company’s endpoints, as well as health claims data on half a million others.
The company’s CEO, David Koczkar, later shared via LinkedIn the type of data captured: “A criminal cannot access credit card details or health claims data to obtain additional services,” he said.
It later emerged that REvil had obtained clients’ names, dates of birth, passport numbers, information on medical claims, and sensitive files related to abortions and alcohol-related illnesses. It also demanded $9.7 million in ransom, one dollar for each customer.
Via: TechCrunch