Hacker threat: Releasing Medibank Customer data in 24 hours

Yesterday Medibank confirmed that the hacker who accessed their systems had access to 9.7 million customers details, including health data for half a million people and today a group claiming to have the data has threatened to release it in 24 hours.

Using a forum on the Dark Web viewed by EFTM, the post begins by quoting Confucius, saying “A man who has committed a mistake and doesn’t correct it is committing another mistake”.

Following that the post says “Data will be publish in 24 hours”.

The forum in question was previously the home of a large data ransom group called “REVil”. The group was very active in 2021, until Russian Authorities cracked down and made several arrest forcing the group into silence.

In the last hour the alleged hackers have posted an additional update, which is a link to a satirical video made by Aussie Mark Humphries for the ABC

That video can be seen here:

Perhaps thanks to the Russia and Ukraine war and a lack of co-operation between Russia and the West the group now appears to have come back, making this data reveal threat.

It’s unknown if the strategy here is to force Medibank bank into negotiations on a ransom, or if it’s a precursor to them selling the data to other criminals.

It could also be a completely false claim designed entirely to put a “relaunched” Revil back into the spotlight.

Time will tell. If it’s real, we expect to see some sample data released in the coming day, this will validate the hacker in the same way it was done with Optus customers last month when records were released online.

The biggest risk to customers is ransom threats directly to those individuals. All Medibank and AHM customers should be on high alert for scams and sms spam, including ransom demands to prevent health data being released. Any payment to a hacker is likely to be followed by just more demands and no guarantee the data won’t be exposed.

Medibank has advised customers they have expanded their response, offering:

• A cybercrime health & wellbeing line (1800 644 325) – counsellors that have experience supporting vulnerable people (such as those at risk of domestic violence) and have been trained to support victims of crime and issues related to sensitive health information
• Mental health outreach service – proactive support service for customers identified as being vulnerable, or through referral from our contact centre team
• Better Minds App – new tailored preventative health advice and resources specific to cybercrime and its impact on mental health and wellbeing, including tools for managing anxiety and fear, with additional phone based psychological support available
• Personal duress alarms – for customers particularly vulnerable and/or with safety risks

The company has already offered:

• Hardship support for customers who are in a uniquely vulnerable position as a result of this crime which can be accessed via our contact centre team (13 23 41 for Medibank and international customers, 13 42 46 for ahm customers and 1800 081 245 for MHH patients)
• Specialist identity protection advice and resources through IDCARE’s purpose-built Medibank page
• Free identity monitoring services for customers whose identity has been compromised as a result of this crime
• Reimbursement of ID replacement fees for customers who need to replace any identity documents that have been compromised as a result of this crime
• Specialised teams to help our customers who receive scam communications or threats