Medibank confirms names, addresses, birthdays posted to dark web by hackers after ransom deadline passes

Medibank confirms names, addresses, birthdays posted to dark web by hackers after ransom deadline passes

Medibank has confirmed that cyber criminals have released customers’ personal data on a dark web forum following a data breach earlier this month.

The information posted included names, addresses, dates of birth, phone numbers, email addresses, Medicare numbers for customers of Medibank budget brand ahm (but not expiry dates), in some cases passport numbers for international student customers (but not expiry dates), and some health claims data.

The client data was released after a deadline passed for Medibank to pay a ransom.

AFP Cyber Command Assistant Commissioner Justine Gough said customers that are contacted by phone or by SMS with threats to release their data should not be embarrassed to contact police through ReportCyber.

“Blackmail is an offence and those who misuse stolen personal information for financial gain face a penalty of up to 10 years’ imprisonment.” She said in a statement.

Customers have also been advised not to assume that anyone who contacts them actually has access to their data, or that paying a ransom will protect their data privacy in any way.

9.7 million current and former Medibank customers have been affected by the breach.

Would you know how to identify a phishing scam via phone, post or email? Do you know where are your data lives and what protects access to it? Do you know the security score of your key service providers?

Acurus helps companies start to build Cyber Security resilience by aligning to the ACSC Essential 8 as a starting point. We then help companies build out sophisticated and mature IT security capabilities and standards. 

Contact us below to speak with our cyber security experts and start the journey to protect your company today.

Contact