On the morning of Thursday December 1st 2022, the hackers behind the Medibank cyberattack uploaded a blog post that included a 5 GB folder of compressed files and stated: “Happy Cyber Security Day!!! Added folder full. Case closed.”
The hackers had previously claimed to have extracted a total of 200 GB of customer data from Medibank's systems and then compressed it. A spokesperson for Medibank has stated that this uploaded folder may indeed contain the full extent of hacked customer data:
“While our investigation continues there are currently no signs that financial or banking data has been taken... And the personal data stolen, in itself, is not sufficient to enable identity and financial fraud. The raw data we have analysed today so far is incomplete and hard to understand.”
This marks the first data drop in over a week following Medibank's refusal to pay the hacker group a $US10 million ransom. The original breach included files relating to nearly 10 million current and former Medibank customers. These files exposed customer names, addresses, dates of birth, email addresses and phone numbers.
The Australian Federal Police (AFP) have stated they believe the hacking group is based in Russia and is connected to the REvil ransomware group. The AFP are also seeking assistance from Russian authorities to help track down the hackers and are investigating where the breached data may have been shared online in an attempt to protect customers from being exploited. In November it was announced that consulting firm Deloitte would begin an external review of Medibank.
Law firm Maurice Blackburn has also launched an investigation into Medibank regarding the breach and has lodged a formal complaint with the information commissioner. This action may lead to Medibank being ordered to compensate customers affected by the hack.
Medibank has boosted its call centre staff with an extra 300 employees and has extended trading hours. Two-factor authentication for customers has also been introduced.