Here’s What To Do If You’re Worried About The Medibank Hacker Releasing Yr Data On The Dark Web

Medibank Private has confirmed that the hacker who breached nearly 10 million people’s personal data has sold information on the dark web after the insurer refused to pay any ransoms. In an official statement, the insurer detailed that names, phone numbers, personal addresses, emails, medicare numbers and some passport numbers (of international students) were released into the corners of the internet. Australian Federal Police’s (AFP) Cyber Command Assistant Commissioner Justine Gough confirmed that the AFP would be stepping up its efforts to ensure that Medibank customers who have had their personal data leaked were protected. “To the customers impacted by this latest breach, please do not be embarrassed to contact police through ReportCyber if a person contacts you online, by phone or by SMS threatening to release your data unless payment is made,” she said in a statement. “Blackmail is an offence and those who misuse stolen personal information for financial gain face a penalty of up to 10 years imprisonment.” Gough also confirmed that the AFP was scouring the dark web to find anyone selling personal information. In case you missed it, earlier this week Medibank Private declared it would not pay any ransom demanded by hackers. This decision ultimately led to the release of said data. Company CEO David Koczkar said in there’s only a “limited chance” the return of data would have even happened if Medibank paid the hackers. “Based on the extensive advice we have received from cybercrime experts we believe there is only a limited chance paying a ransom would ensure the return of our customers’ data and prevent it from being published,” he said. “In fact, paying could have the opposite effect and encourage the criminal to directly extort our customers, and there is a strong chance that paying puts more people in harm’s way by making Australia a bigger target.” The update from the health insurance provider confirmed that a whopping 9.7 million current and former customers and authorised representatives have had personal information accessed in the cyber attack. This figure was made up of approximately 5.1 million Medibank customers, 2.8 million AHM customers and 1.8 million international customers. The update also detailed how many customers had their health claims data breached. Those affected include around 160,000 Medibank customers, around 300,000 AHM customers and around 20,000 international student customers. Around 5200 My Home Hospital (MHH) patients and 2900 next of kin have also had contact details breached. The health insurer said no credit card or banking details were accessed in the attack that they are aware of. “We take seriously our responsibility to safeguard our customers,” David Koczkar said. “The weaponisation of their private information in an effort to extort payment is malicious, and it is an attack on the most vulnerable members of our community.” Koczkar also confirmed Medibank is going to commission an external review to make sure the company “learns from this event” and continues to strengthen its abilities to protect its customer base.