BREAKING: Medibank Hacker releases more private medical details – less than 3 days after AFP announce “we know who you are”

The person purporting to be the Medibank hacker went silent on Friday and over the weekend after the AFP publicly announced that they believed them to be in Russia and that “we know who you are” – this morning, they have uploaded the details of 500 more Australians onto the Dark Web.

Over the weekend it seemed the AFP had had some luck in scaring the likely Medibank hacker and pushing them deeper into the underworld.

This morning though, EFTM can reveal a new message from the hacker has been posted onto the Dark Web:

There is some more records for everybody to know.

We’ll announce, that next portion of data we’ll publish at Friday, bypassing this week completely in a hope something meaningful happened on Wednesday.

This claim seems to suggest the hackers still feel there is some chance of a “meaningful” resolution, though it seems highly unlikely after both the AFP announcement, and Minister Clare O’Neill’s statement that a new taskforce had been setup to “hack the hackers”

Today’s data leak contains the names, personal contact details and private medical information of 500 more Australians.

EFTM chooses not to outline the name of the file, or the conditions being suggested, but again the Hacker has chosen a “theme” to the diagnosis we can only assume to spread fear in the community.

Unfortunately for the hackers, there is no fear. Australian’s are upset that this happened, angry at the level of cyber security protections in place, but confident that none of this personal information will ever be published.

The only Risk to Australians are scams and scammers who use the information to exploit people individually, and we urge anyone who receives a scam related to their private health information to follow Medibank’s advice and report it:

Be alert for any phishing scams via phone, post or email. We will not contact you about passwords or sensitive information, so any suspicious emails or SMS should be reported to scaminvestigations@medibank.com.au. We’ve also prepared some advice and resources on staying safe online. If someone contacts you online, by phone or by SMS threatening to release your data unless payment is made, please report this through ReportCyber.

Every bit of information we are able to share with authorities will help track them down.

UPDATE: Medibank has released a statement from it’s CEO

“We will continue to support all people who have been impacted by this crime through our Cyber Response Support Program.  This includes mental health and wellbeing support, identity protection and financial hardship measures,” Medibank CEO David Koczkar said.

“If customers are concerned, they should reach out for support from our cybercrime hotline, our mental health support line, Beyond Blue, Lifeline or their GP.

“Anyone who downloads this data from the dark web, which is more complicated than searching for information in a public internet forum and attempts to profit from it is committing a crime. 

“The Australian Federal Police have said law enforcement will take swift action against anyone attempting to benefit, exploit or commit criminal offenses using stolen Medibank customer data.  We continue to work closely with the Australian Federal Police who are focused, as part of Operation Guardian, on preventing the criminal misuse of this data.

“I unreservedly apologise to our customers.

“Our focus remains resolutely on doing everything we can to make sure our customers are supported during this difficult time.

“These are real people behind this data and the misuse of their data is deplorable and may discourage them from seeking medical care.

“We remain committed to fully and transparently communicating with customers and we will continue to contact customers whose data has been released on the dark web,” he said.