Hacked Australian Health Insurer Data Posted to Dark Web | Tech News

Hacked Australian Health Insurer Data Posted to Dark Web

Data stolen from an Australian health insurer, including the names, addresses and birthdates of hundreds of customers, has been posted to a forum on the so-called dark web.

By:BLOOMBERG
| Updated on: Nov 11 2022, 01:04 IST
Medibank
The company expects more data to be released, after earlier this week saying the hackers exposed information of around 9.7 million people. (AP)

Data stolen from an Australian health insurer, including the names, addresses and birthdates of hundreds of customers, has been posted to a forum on the so-called dark web.

The files appear to be a sample of the data that was accessed, Medibank Private Ltd. said in a statement Wednesday. The company expects more data to be released, after earlier this week saying the hackers exposed information of around 9.7 million people.

You may be interested in

MobilesTablets Laptops
7% OFF
Apple iPhone 15 Pro Max
  • Black Titanium
  • 8 GB RAM
  • 256 GB Storage
23% OFF
Samsung Galaxy S23 Ultra 5G
  • Green
  • 12 GB RAM
  • 256 GB Storage
Google Pixel 8 Pro
  • Obsidian
  • 12 GB RAM
  • 128 GB Storage
Apple iPhone 15 Plus
  • Black
  • 6 GB RAM
  • 128 GB Storage

The release of the personal information comes after a vast data leak at Singapore Telecommunications Ltd.'s Optus unit in September, which exposed the details of as many as 10 million customers. Other recent hacks on pathology services provider Australian Clinical Labs Ltd. and Woolworths Ltd. subsidiary MyDeal have raised concern Australian companies aren't doing enough to protect customer data.

Also read
Looking for a smartphone? To check mobile finder click here.

The hackers warned early Tuesday that they would release the data within 24 hours, a day after the Melbourne-based company said it wouldn't pay a ransom because that would only encourage further crime. The leaked data contained details of about 100 customers including their treatments for cannabis dependence, alcohol abuse, anxiety, and drug use, the Australian Financial Review reported.

Medibank's data breach could cost the company more than A$200 million ($129 million), according to Bloomberg Intelligence analysts Matt Ingram and Jack Baxter. The health insurer, which has already delayed premium increases for affected customers, could face compensation of A$500 to A$20,000 for affected policyholders, the analysts said.

Medibank shares rose 0.7% in afternoon trading in Sydney Wednesday. The stock has slumped around 20% since the hack was first detected just under a month ago, wiping about A$2 billion off the company's market value.

The exposure of the first batch of information and threats to post more could be designed to pressure Medibank to pay the ransom, said Josh Lemon, who teaches cybersecurity at the SANS Institute.

“Unfortunately paying the ransom doesn't always guarantee that the data won't be released, or resold to other cybercriminals,” Lemon said. “I don't believe paying the ransom at this stage will do much more than delay how quickly the data may be released.”

Home Affairs Minister Clare O'Neil said Medibank's decision not to pay a ransom to cyber criminals was in line with government advice.

“Paying them only fuels the ransomware business model,” O'Neil said. “They commit to undertaking actions in return for payment, but so often re-victimize companies and individuals.”

“Under no circumstance should Medibank consider paying the ransom,” said Troy Hunt, who runs breach-tracking website haveibeenpwned. “Their position on this was the right one and reflects the government position on cybercrime and ransoms.”

The Australian Federal Police's operation Guardian, which was initially set up to protect victims of the Optus data breach, will be expanded to include victims of the Medibank hack, Assistant Commissioner Justine Gough said Wednesday.

The government on Wednesday also passed legislation increasing the penalty for repeated or serious privacy breaches to at least A$50 million.

“Significant privacy breaches in recent weeks have shown existing safeguards are outdated and inadequate. This bill makes clear to companies that the penalty for a major data breach can no longer be regarded as the cost of doing business,” said Attorney-General Mark Dreyfus in a statement.

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 11 Nov, 01:04 IST
Tags:
NEXT ARTICLE BEGINS