Current Medibank Data Breach *Hackers based in Russia

The initial cyber security incident occurred on October 13, 2022, when Medibank detected some “unusual activity” on its internal systems. After dealing with the cyber-attack, Medibank said in a statement that there was “no evidence that customer data has been accessed” during the breach.

Medibank was then contacted on October 17 by the malicious party, who aimed to “negotiate with the [healthcare] company regarding their alleged removal of customer data”.

The malicious party attempted to weaponize Medibank’s customers’ private medical data to extort the medical insurer, saying that they would release the data of the “1k most [prominent] media persons” that include “[those with the] most [social media] followers, politicians, actors, bloggers, [LGBTQ+] activists [and] drug-addicted people” as well as people with “very interesting diagnoses”.

It was confirmed on October 20 that the hacker’s claims were legitimate. Medibank, however, publicly refused to bend to the hacker’s demands and said it would not pay a ransom over concerns it would “encourage the criminal to directly extort [its] customers”.

The company also said that it had received counsel from cyber security experts who had said there was only a “limited chance” that paying the ransom would result in the return of the stolen data.

On November 7, Medibank revealed the true extent of the hack. The malicious actor gained unauthorized access to and stole the data for 9.7 million past and present customers.

The information included email addresses, phone numbers, addresses, Medicare numbers, names, dates of birth, passport numbers and visa details. It also encompassed the health claims data for 192,000 customers which contained private medical information including where customers were admitted for procedures, service provider names and locations and codes associated with diagnosis and procedures given.

A full timeline of the data breach

  • 13 October – Medibank notices some unusual activity on its networks. The affected networks are shut down.
  • 14 October – the affected networks are restarted. Medibank releases a statement saying that there is “no evidence” that any customer data was accessed during the breach.
  • 17 October – Medibank releases an update on the cyber security incident, describing the ongoing investigation into the unusual activity and recognizing that while it was “consistent with the precursors to a ransomware event”, there was still no evidence customer data had been compromised.
  • 19 October – Medibank are contacted directly by the hacker, who claims to have stolen 200GB worth of customer data. The hacker attempts to negotiate the release of the information.
  • 20 October – Medibank confirms that the hacker’s claims are legitimate. The Australian Federal Police starts investigating the cyber-attack.
  • 7 November – the scope of the data breach is revealed, with Medibank confirming that the data of 9.7 million past and present customers was stolen in the breach. Medibank makes a public statement refusing to pay any ransom to the hacker.
  • 8 November – the hacker threatens to release files on the dark web and encourages Medibank shareholders to sell their shares.
  • 9 November – the hacker releases the “good-list” and “naughty-list” customer data files on the dark web. The Australian Federal Police partners with Commonwealth agencies and the Five Eyes Law Enforcement partners to investigate the cyber crime. Operation Guardian, which was previously introduced to help the victims of the Optus data breach, is extended to those affected by the Medibank data breach.
  • 10 November – the hacker releases the “abortions” customer data files on the dark web and demands US$10mn to stop releasing data.
 