Customer data from Medibank, Australia’s largest health insurance provider, was released on Wednesday after failing to pay a ransom. The extortionist cybercriminals who had breached the company in October dumped data that contained info on HIV diagnoses and drug abuse treatments, according to the Associated Press. The cybercriminals were willing to drop their ransom to $1 a client, or $9.7 million total, but Medibank refused to succumb to the demands.
“This is a criminal act designed to harm our customers and cause distress,” Medibank CEO David Koczkar said in a statement that reiterated a previous apology to customers.
The Medibank customer data appeared on the dark web earlier this week and was confirmed to have been stolen last month, according to Medibank.
Medibank expects all customer data will eventually be leaked online.
They do not suspect that any customer credit card data has been compromised.
The hackers responsible for breaching Medibank’s systems created a “naughty list” of approximately 100 patients who had contracted HIV, received drug abuse treatments, had mental health concerns, or had alcohol addiction.
Public outcry in Australia over Medibank hack
Public opinion in Australia is not in support of Medibank.
“Letting customers discover their most sensitive information imaginable has been published and hearing it on the news, Medibank’s response has been pathetic,” an unidentified man, whose image was not broadcast, told Nine News television.
Cybersecurity Minister Clare O’Neil urges social media platforms to not allow their users to post or share Medibank customer data. O’Neil, a Medibank patient herself, presumably had her personal medical data stolen as well.
“If you do so, you will be aiding and abetting the scumbags who are at the heart of these criminal acts and I know that you would not do that to your own country and your own citizens,” O’Neil told Australian Parliament.
Australia is hoping to pass an updated legislature that will increase penalties for breaches of the Privacy Act from 2.2 million Australian dollars ($1.4 million USD) to 50 million ($32 million USD) or more.
Discover more from Cybersecurity Careers Blog
Subscribe to get the latest posts sent to your email.