Nov. 9 (UPI) — Medibank, one of Australia’s largest health insurers, said on Wednesday that the personal data of hundreds of its customers has been released on the dark web after the company said it would refuse to pay a ransom to get the information back.
Some of the data released include names, addresses, dates of birth, phone numbers, email addresses, Medicare numbers and, in some cases, passport numbers for international students, along with some health claims data.
“We have become aware that the criminal has released files on a dark web forum containing customer data that is believed to have been stolen from Medibank’s systems,” Medibank said in a statement. “We will be in touch with our customers — via email and post — to provide more details of what specific data we believe has been stolen and published on the dark web.”
Medibank warned customers to be alert for any phishing scams via phone, post or email and suggested that they should change their passwords along with updating their personal details.
“Credit card or banking details have not been accessed, so there is no need to update your payment details or cancel your direct debit,” Medibank said.
Australian Prime Minister Anthony Albanese said in a statement that the government is working with security agencies on the issue.
“We’ve also made sure we’ve been clear about the risks that is there,” Albanese said. “This is really tough to people. I’m a Medibank private customer as well. And it will be of concern that some of this information has been put out there.
“Can I say this though, that the company has followed the guidelines effectively, the advice which is to not engage in a ransom payment. If you go down this road, then you end up with more difficulties potentially across a wider range.”
Medibank officials said on Monday the company would not pay the undisclosed ransom after cybercriminals breached the insurer’s database to steal personal information.
The Australian Federal Police said on Wednesday it has expanded its anti-cybercrime initiative Operation Guardian to protect Medibank private customers whose personal information has been unlawfully released.
“The AFP is aware that distressing and very personal information has been released on the dark web and has immediately taken measures, including covert techniques, to identify further criminal activity,” the AFP said.
“Investigators within the AFP’s Cyber Command are working with public and private sector agencies to scour the internet and known criminal online sites to identify those who are buying or selling personal identification information.”