Australian medical insurer Medibank has steadfastly refused the hacking group's demand for AUD$15 million ($10 million) in exchange for the return of the illegally accessed data of around 9.7 million Medibank clients. This data contained names, dates of birth, addresses, Medicare numbers, phone numbers and email addresses.
"We believe there is only a limited chance paying a ransom would ensure the return of our customers' data and prevent it from being published," said Medibank CEO David Koczkar. "In fact, paying could have the opposite effect and encourage the criminal to directly extort our customers, and there is a strong chance that paying puts more people in harm's way by making Australia a bigger target."
Right before this massive data drop, the group had been dropping small amounts of sensitive customer information for sale onto the dark web as a show of force. (Related: Hackers leak stolen medical records on dark web after Australian health insurer refuses to pay ransom demand.)
On Thursday, Dec. 1, six zipped folders containing over 6.5 gigabytes of raw data were dropped on the hacking group's blog on the dark web in response to Medibank's refusal to pay the ransom. The folder, called "full," was released with the message: "Happy Cyber Security Day!! Added folder full. Case Closed."
Medibank said it was aware of this most recent data release and added that it is not certain if the hackers have released all of the stolen files. For Koczkar and Medibank, more work needs to be done following the hacking incident.
"We are remaining vigilant and are doing everything we can to ensure our customers are supported," Koczkar said. "It's important everyone stays vigilant to any suspicious activity online or over the phone."
Medibank noted that the recent data drop is "incomplete and hard to understand," noting that the health claims data that was released was not joined with any customer name or any contact details.
By itself, the stolen data should not be sufficient to enable any threat actors to identify Medibank clients and target them with identity and financial fraud attacks. However, the hacking group's past data releases did expose very sensitive information around many Medibank customers' medical treatment claims.
"Again, I unreservedly apologize to our customers," said Koczkar. "We remain committed to fully and transparently communicating with customers and we will continue to contact customers whose data has been released on the dark web."
Medibank is providing affected clients with support through its Cyber Response Support Program. "This includes mental health and wellbeing support, identity protection and financial hardship measures," noted Koczkar.
The Medibank CEO added that anybody who gets caught downloading the data from the dark web and attempting to profit from it will be prosecuted by Australian authorities.
"The Australian Federal Police have said law enforcement will take swift action against anyone attempting to benefit, exploit or commit criminal offenses using stolen Medibank customer data," said Koczkar.
Learn more about hacking and data breach incidents at CyberWar.news.
Watch this clip from "The American Journal" on InfoWars as Harrison Smith discusses how pro-Russian hackers shut down U.S. airport websites in a massive cyber attack.