Medibank Cyber-Attack: Unveiling the Ongoing Cyber Battle and Data Integrity risks
On the 18th of October, an ongoing battle ensued between Medibank and a Russian hacking group called ‘REvil’. Previously thought to have been dismantled by their own government back in January of this year at the request of the US government.
Using only a username and a password, 9.7 million customers of Medibank had their data hacked by ‘REvil’ that contained names, dates of birth, addresses, phone numbers and including 500,000 customers personal medical records. The hackers are asking for a ransom of an undisclosed amount ‘Medibank’ has not made public, confirmed to be originally $15.1 million AUD by a post from the alleged hackers.
Medibank vs. Hackers
Since October, week after week, ‘REvil’ has been posting the customer data onto the darkweb to force ‘Medibank’ into paying the ransom.
"Looking back that data is stored not very understandable format (table dumps) we'll take some time to sort it out...” The hackers said in a post from the 12th of November. “... We'll continue posting data partially, need some time to do it pretty..."
The data posted contained 100 customers personal information, who were the first victims that lost their private identities out of hundreds of thousands that were posted in the following weeks.
Official Post by “REvil” taken from the darkweb 12/11/22
After weeks of battle from governments and companies around the world, ‘REvil’ posted what seems to be their final post as ‘Medibank persisted to refuse to pay the ransom.
On the 1st of December, the hackers posted a 5GB compressed file containing the rest of the customers personal information before disappearing online, it is believed to contain 200GB worth of millions of individual's personal addresses, phone numbers and medical histories.
“Happy Cyber Security Day!!!”, the hackers posted. “Case Closed.”
‘Medibank’ reviewed the last post from ‘REvil’ before they went offline
“... [it] appears to be the data we believed the criminal stole. While our investigation continues there are currently no signs that financial or banking data has been taken,” the spokesperson of ‘Medibank’ said. “And the personal data stolen, in itself, is not sufficient to enable identity and financial fraud. The raw data we have analysed today so far is incomplete and hard to understand.”
How many Aussies are now vulnerable online?
According to ‘The Sydney Morning Herald’ and ‘ABC News’, out of the 9.7 million ‘Medibank’ customers, 488,100 of those have had their private identities accessed by unknown users roaming the deep web.
Below are the number of affected individuals who had their private identities accessed:
‘Ahm’ Customers: 300,000
Australian ‘Medibank’ Customers: 160,000
International ‘Medibank’ Customers: 20,000
‘MY Home Hospital’ patients: 5,200
Next of Kin of those patients: 2,900
This is Part of our Cyber Security awareness educational campaign. Through this training, you will learn awareness and key principles, and best practices to protect yourself, your organisation, and the public from cyber attackers. You will also be equipped with the knowledge to identify potential threats and take action before any damage can occur.