Medibank informed investors and customers that a "sample" of data from some 9.7 million clients had been posted on a "dark web forum."
Among the sensitive personal data posted anonymously were names, birth dates, addresses, passport numbers and information on medical claims. (Related: Chinese hackers STEAL intellectual property from more than 30 companies.)
"The files appear to be a sample of the data that we earlier determined was accessed by the criminal. We expect the criminal to continue to release files on the dark web," the company said in a statement to the Australian Securities Exchange.
Medibank earlier refused to pay ransom to prevent the hackers from leaking the data, stating it could boost further crime and would not ensure the information was safe.
"Based on the extensive advice we have received from cybercrime experts, we believe there is only a limited chance paying a ransom would ensure the return of our customers' data and prevent it from being published," Medibank CEO David Koczkar said.
The leaked data were posted on a dark web forum that cannot be discovered using traditional web browsers.
"We'll continue posting data partially. Looking back, that data is not a very understandable format, we'll take some time to sort it out," the hackers said. "We always keep our word. We should post this data because nobody will believe us in the future."
Meanwhile, Australian Federal Police (AFP) announced on Friday, Nov. 11, that Russian hackers carried out the cyberattack on Medibank that breached the data of 9.7 million people, including Prime Minister Anthony Albanese.
The hackers leaked the data after Medibank refused to pay a $9.7 million ransom.
AFP Commissioner Reece Kershaw blamed the attack on cyber criminals based in Russia. AFP Assistant Commissioner Cyber Command Justine Gough had earlier said the "criminal or criminal groups" accountable for the hack could be working outside of Australia.
"We believe those responsible for the breach are in Russia. Our intelligence points to a group of loosely affiliated cyber criminals who are likely responsible for past significant breaches across the world," Kershaw told reporters.
The first leaks seemed to have been selected to make maximum harm by targeting people who received treatment related to drug abuse, sexually transmitted infections or pregnancy terminations.
The crime could impact "millions of Australians," according to Kershaw. "The cyber criminals are operating like a business with affiliates and associates who are supporting the business," he said.
Kershaw said Australian police will be collaborating with Interpol and request the assistance of their Russian counterparts.
"We'll be holding talks with Russian law enforcement about these individuals. Russia benefits from the intelligence sharing and data shared through Interpol and with that comes responsibilities and accountability," Kershaw added.
According to Kershaw, the police are aware of the identities of the hackers, but they will not be revealing their names. He added that they're doing "covert measures" to bring the hackers to justice.
"To the criminals, you know we know who you are. The Australian Federal Police has some significant runs on the scoreboard when it comes to bringing overseas offenders back to Australia to face the justice system," Kershaw said.
Cybersecurity analysts have suggested they could be linked to the Russian hacker group REvil.
REvil – a combination of ransomware and evil – was allegedly dismantled by Russian authorities earlier this year, after withdrawing an $11 million ransom from JBS Foods, a major food conglomerate.
Australian National University cybersecurity expert Thomas Haines said tracking the hackers down was the easiest part for the police.
"It’s unusual for hackers to cover their tracks so well that you don't know where they came from. But there are certain areas of the world where the ability to apply any pressure is effectively zero," Haines said
The breach in security proved costly for Medibank's market value, with the share price of the company dropping over 20 percent since October.
Follow CyberWar.news for more stories like this.
Watch the video below to know how pro-Russian hackers shut down U.S. airport websites in a massive cyberattack.
This video is from the InfoWars channel on Brighteon.com.