The Times Australia
The Times World News

.

Medibank hackers are now releasing stolen data on the dark web. If you're affected, here's what you need to know

  • Written by Jeffrey Foster, Associate Professor in Cyber Security Studies, Macquarie University
Medibank hackers are now releasing stolen data on the dark web. If you're affected, here's what you need to know

On October 13 one of Australia’s largest medical insurers, Medibank, announced it had suffered a cyberattack – one which has resulted in the breached personal details of 9.7 million customers in Australia[1]. We now know the hackers, who are almost certainly Russian, demanded a ransom of US$9.7 million (about A$15 million) – or else they would leak the data on the dark web.

It’s believed the hackers are linked to the notorious REvil cyber gang[2] which, according to Russian sources, was allegedly dismantled and arrested[3] earlier this year.

The Medibank breach consists of an alleged 200GB of data[4] that contain personally identifiable information such as names, dates of birth, addresses, phone numbers, Medicare numbers, credit card details, and ID documents. Importantly, it also contains sensitive personal information about medical diagnoses and procedures covered by Medibank and ahm health insurance[5].

Medibank did not have a cyber insurance plan[6], and so decided it would not pay the ransom. This choice is consistent with Australian government recommendations[7].

The deadline to pay was around midnight on Tuesday. With no ransom received, the hackers kept their promise and the first batch of data was released in the early hours of Wednesday, November 9.

This breach comes with clear risks, and a lot of people will understandably be concerned. Here’s what to know if your data have been exposed, or is exposed in the coming days.

Read more: Medibank won't pay hackers ransom. Is it the right choice?[8]

What has been leaked so far?

Here’s what the hacker group divulged in the first batch of leaked data:

  • screenshots of failed negotiations with Medibank

  • a list of Medibank employees, with their full names, work emails, details of the mobile phones and computers they use, as well as some home wifi names (which can be used to find a person’s home address)

  • the personally identifiable information (including what appear to be passport numbers) of more than 500,000 international students, either currently or formerly in Australia

  • the personally identifiable information (including what appear to be ID document numbers) of an additional 500,000 people

  • and the personal information (including addresses and phone numbers) of 200 people. Most concerningly, this includes details of medical diagnoses and procedures, and a “naughty list”[9] of 100 people singled-out for having medical diagnoses of psychological disorders and drug addiction.

On the following day, November 10, the hackers released an additional 300 records of personally identifying information on account holders who had abortions charged against their accounts.

How might criminals use the stolen data?

Blackmail, fraud, identity theft and targeted scams are the three most obvious options for the hackers now in possession of Medibank customers’ data.

Personal information and information about medical treatments considered “controversial” – such as treatments related to sexual health, mental health, and addiction – could be used to blackmail victims, including high profile people and foreign nationals.

Foreign nationals may be particularly vulnerable if they have undergone procedures considered socially unacceptable – or even illegal – in their home country. This could even make it dangerous for them to return.

Personally identifying information, such as ID documents and contact details, may be used to impersonate victims and seize financial accounts, open lines of credit, or impersonate a victim to extort their friends and family for money.

Personal information can also be used to carry out targeted scams. For instance, cybercriminals may target data breach victims with highly personalised – and therefore highly believable – phishing attacks.

There are also data recovery scams, in which scammers contact victims and make the impossible claim to remove their data from the internet for a fee.

What to do if you’re targeted

We don’t yet know of every single individual who has been directly affected by this breach. Medibank will need to notify individual customers that have been affected, and has said it will continue to do so[10].

However, concerned customers can take some pro-active steps, such as securing critical accounts and being aware of potential scams – as we describe above, and also as we described in relation to the Optus breach[11] previously.

Read more: What does the Optus data breach mean for you and how can you protect yourself? A step-by-step guide[12]

While passports and drivers licenses can be replaced[13], there’s no protection against your medical history being released to the public. Hackers may try to exploit this information in extortion scams.

If you are targeted for an extortion scam as a result of the leak, you should notify law enforcement immediately, either through ReportCyber[14] or your local police office. There won’t be any hiding of information that is already posted online, and these criminals can’t keep it a secret for you, no matter what they promise.

If you receive a text or email from scammers related to your medical history, do not reply as it will only encourage them to harass you further.

What do we expect to happen next?

So far, the hackers have released[15] less than 1GB of the 200GB allegedly stolen, with already serious consequences for more than a million Australians. But this is just the tip of the iceberg.

The communications leaked by the hacking group suggest two things. First, they appear to still be trying to extort their US$9.7 million ransom from Medibank. This explains the trickling release of data, rather than all of it being leaked at once.

Second, they seem intent on releasing the data if Medibank does not pay. Their own stated reason for releasing the data is to market their “ransomware as a service” offerings to other cybercriminals. This is when an initial hacker first gains access to a company, and then hires a hacking group such as REvil to actually run the complicated ransomware scheme – a service made (in)famous by REvil[16].

Among the leaked data the hackers also posted screenshots of their ‘negotiations’ with Medibank. Screenshot, Author provided

It seems unlikely Medibank will (or should) pay the ransom[17], and likely the unnamed ransomware gang will release the entire dataset to the public.

Should that happen, we may be facing an unprecedented exposure of personally identifiable information with potentially 9.7 million identity documents and credit card details stolen.

This possibility dwarfs even the worst case scenarios of the recent Optus breach, and will require an unprecedented effort to update and secure the identity documents and credit card details of those affected.

Read more: Why are there so many data breaches? A growing industry of criminals is brokering in stolen data[18]

References

  1. ^ customers in Australia (www.abc.net.au)
  2. ^ REvil cyber gang (www.sbs.com.au)
  3. ^ dismantled and arrested (www.bbc.com)
  4. ^ alleged 200GB of data (www.theguardian.com)
  5. ^ ahm health insurance (ahm.com.au)
  6. ^ cyber insurance plan (www.theguardian.com)
  7. ^ Australian government recommendations (www.cyber.gov.au)
  8. ^ Medibank won't pay hackers ransom. Is it the right choice? (theconversation.com)
  9. ^ “naughty list” (www.abc.net.au)
  10. ^ and has said it will continue to do so (www.medibank.com.au)
  11. ^ Optus breach (theconversation.com)
  12. ^ What does the Optus data breach mean for you and how can you protect yourself? A step-by-step guide (theconversation.com)
  13. ^ can be replaced (www.abc.net.au)
  14. ^ ReportCyber (www.cyber.gov.au)
  15. ^ hackers have released (www.abc.net.au)
  16. ^ REvil (www.crowdstrike.com)
  17. ^ pay the ransom (www.abc.net.au)
  18. ^ Why are there so many data breaches? A growing industry of criminals is brokering in stolen data (theconversation.com)

Read more https://theconversation.com/medibank-hackers-are-now-releasing-stolen-data-on-the-dark-web-if-youre-affected-heres-what-you-need-to-know-194340

Times Magazine

Headless CMS in Digital Twins and 3D Product Experiences

Image by freepik As the metaverse becomes more advanced and accessible, it's clear that multiple sectors will use digital twins and 3D product experiences to visualize, connect, and streamline efforts better. A digital twin is a virtual replica of ...

The Decline of Hyper-Casual: How Mid-Core Mobile Games Took Over in 2025

In recent years, the mobile gaming landscape has undergone a significant transformation, with mid-core mobile games emerging as the dominant force in app stores by 2025. This shift is underpinned by changing user habits and evolving monetization tr...

Understanding ITIL 4 and PRINCE2 Project Management Synergy

Key Highlights ITIL 4 focuses on IT service management, emphasising continual improvement and value creation through modern digital transformation approaches. PRINCE2 project management supports systematic planning and execution of projects wit...

What AI Adoption Means for the Future of Workplace Risk Management

Image by freepik As industrial operations become more complex and fast-paced, the risks faced by workers and employers alike continue to grow. Traditional safety models—reliant on manual oversight, reactive investigations, and standardised checklist...

From Beach Bops to Alpine Anthems: Your Sonos Survival Guide for a Long Weekend Escape

Alright, fellow adventurers and relaxation enthusiasts! So, you've packed your bags, charged your devices, and mentally prepared for that glorious King's Birthday long weekend. But hold on, are you really ready? Because a true long weekend warrior kn...

Effective Commercial Pest Control Solutions for a Safer Workplace

Keeping a workplace clean, safe, and free from pests is essential for maintaining productivity, protecting employee health, and upholding a company's reputation. Pests pose health risks, can cause structural damage, and can lead to serious legal an...

The Times Features

Duke of Dural to Get Rooftop Bar as New Owners Invest in Venue Upgrade

The Duke of Dural, in Sydney’s north-west, is set for a major uplift under new ownership, following its acquisition by hospitality group Good Beer Company this week. Led by resp...

Prefab’s Second Life: Why Australia’s Backyard Boom Needs a Circular Makeover

The humble granny flat is being reimagined not just as a fix for housing shortages, but as a cornerstone of circular, factory-built architecture. But are our systems ready to s...

Melbourne’s Burglary Boom: Break-Ins Surge Nearly 25%

Victorian homeowners are being warned to act now, as rising break-ins and falling arrest rates paint a worrying picture for suburban safety. Melbourne residents are facing an ...

Exploring the Curriculum at a Modern Junior School in Melbourne

Key Highlights The curriculum at junior schools emphasises whole-person development, catering to children’s physical, emotional, and intellectual needs. It ensures early year...

Distressed by all the bad news? Here’s how to stay informed but still look after yourself

If you’re feeling like the news is particularly bad at the moment, you’re not alone. But many of us can’t look away – and don’t want to. Engaging with news can help us make ...

The Role of Your GP in Creating a Chronic Disease Management Plan That Works

Living with a long-term condition, whether that is diabetes, asthma, arthritis or heart disease, means making hundreds of small decisions every day. You plan your diet against m...