Suspected cybercriminal releases sample of Australian customer data

The purported hacker updated their earlier dark web post, which had a Confucius quote and a meme featuring Super Mario characters. 

“Looking back that data is stored in not very understandable format (tables dumps) we’ll take some time to sort it out and we posting a small part of the data, in ‘human readable format (sample in json file )’ also we post all raw data,” the hacker wrote.

“We’ll continue posting data partially, need some time to do it pretty.”

Included in the post is a dark-web link to some files, which 9News has sighted and which appear to include valid details of Australians and their healthcare interactions.

9News will not publish this information.

It includes full names, phone numbers, addresses, Medicare number, dates of birth, genders and the names of healthcare providers and the codes used by Medibank to list diagnosis and treatment.

Read Related Also: Ex-Texas cop charged over shooting teen Erik Cantu eating hamburger

It’s not known yet how much data the hackers are willing to release or if they are making additional ransom demands of Medibank in the meantime. 

“We believe there is only a limited chance paying a ransom would ensure the return of our customers’ data and prevent it from being published,” Medibank CEO David Koczkar said.

The health insurer confirmed 9.7 million Australians had had their basic personal information accessed by the hackers, including 5.1 million Medibank customers, 2.8 million AHM clients and 1.8 million international customers.

It was previously confirmed that names, dates of birth, addresses, phone numbers and email addresses had been part of the data breach.

The dark web forum in question was used in 2021 by a ransomware group linked to Russia and abandoned after many in the group were arrested by Russian authorities, but has been back online posting data from hacks in recent months.